CVE-2025-11772

A carefully crafted DLL, copied to 

C:\ProgramData\Synaptics

 folder, allows a local user to execute 
arbitrary code with elevated privileges during driver installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SynapticsCNA
6.6 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Common Weakness Enumeration
References
https://www.synaptics.com/sites/default/files/2025-12/fingerprint-driver-co-installer-security-brief-2025-12-01.pdf