CVE-2025-11772
📋 TL;DR
This vulnerability allows a local attacker to place a malicious DLL in the C:\ProgramData\Synaptics folder, which is then executed with elevated privileges during driver installation. This enables privilege escalation from a standard user account to SYSTEM-level access. It affects systems with vulnerable Synaptics fingerprint driver co-installers.
💻 Affected Systems
- Synaptics Fingerprint Driver Co-installer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where an attacker gains SYSTEM privileges, installs persistent malware, accesses sensitive data, and disables security controls.
Likely Case
Local privilege escalation allowing attackers to bypass security restrictions, install additional malware, or access protected system resources.
If Mitigated
Limited impact if proper file permissions prevent DLL planting or if driver installation is restricted to trusted administrators.
🎯 Exploit Status
Exploitation requires local access and ability to write to the ProgramData\Synaptics folder. DLL planting attacks are well-understood techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Updated driver versions released December 2025
Vendor Advisory: https://www.synaptics.com/sites/default/files/2025-12/fingerprint-driver-co-installer-security-brief-2025-12-01.pdf
Restart Required: Yes
Instructions:
1. Download updated Synaptics fingerprint driver from official vendor site.
2. Uninstall current driver via Control Panel > Programs and Features.
3. Install updated driver.
4. Restart system.
🔧 Temporary Workarounds
Restrict folder permissions
Windows: Modify NTFS permissions on C:\ProgramData\Synaptics to prevent standard users from writing files
icacls "C:\ProgramData\Synaptics" /deny Users:(OI)(CI)W
Remove vulnerable driver
Windows: Uninstall the Synaptics fingerprint driver co-installer if not needed
🧯 If You Can't Patch
- Apply the folder permission workaround to restrict write access to C:\ProgramData\Synaptics
- Monitor for DLL creation in the Synaptics folder using file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check if C:\ProgramData\Synaptics exists and if standard users have write permissions to it
Check Version:
Check driver version in Device Manager > Biometric devices > Synaptics Fingerprint Driver properties
Verify Fix Applied:
Verify updated driver version is installed and folder permissions are restricted
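A read-only way to carry out the "Check if Vulnerable" step and the folder-permission part of "Verify Fix Applied", as an added PowerShell example (not taken from the vendor advisory or from this database). The list of low-privilege SIDs and the write-rights mask are assumptions of the example.

```powershell
# Added example: read-only audit of C:\ProgramData\Synaptics (path from the advisory).
# Run from an elevated PowerShell session so every ACE and file is readable.
$Path = 'C:\ProgramData\Synaptics'
if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "$Path not found; nothing to audit."
    return
}

# Assumption: well-known SIDs whose membership includes standard users.
# SIDs are used instead of names so the check also works on localized Windows.
$LowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow creating or replacing a file, or rewriting the ACL to allow it.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$GenericMask = 0x10000000 -bor 0x40000000

$acl   = Get-Acl -LiteralPath $Path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Explicit and inherited ACEs for those principals that touch write-capable rights.
# Deny entries are listed too, so the icacls workaround shows up in the output.
$rules | Where-Object {
    $raw = [int]$_.FileSystemRights
    $LowPriv.ContainsKey($_.IdentityReference.Value) -and
        (($raw -band $WriteMask) -or ($raw -band $GenericMask))
} | Select-Object @{n='Principal'; e={ $LowPriv[$_.IdentityReference.Value] }},
    AccessControlType, FileSystemRights, IsInherited, InheritanceFlags |
    Format-Table -AutoSize

# DLLs already present: an unsigned file or a non-admin owner deserves a closer look.
Get-ChildItem -LiteralPath $Path -Filter *.dll -Recurse -File -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime,
        @{n='Owner';     e={ (Get-Acl -LiteralPath $_.FullName).Owner }},
        @{n='Signature'; e={ (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status }} |
    Format-Table -AutoSize
```

An empty first table means none of the listed groups holds a write-capable ACE on the folder. ACEs granted to individual user accounts or custom groups are outside what this example checks.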
📡 Detection & Monitoring
Log Indicators:
- DLL creation in C:\ProgramData\Synaptics by non-admin users
- Driver installation events from unusual sources
Network Indicators:
- No network indicators - local exploitation only
SIEM Query:
EventID=4663 AND ObjectName="C:\\ProgramData\\Synaptics\\*" AND Accesses="WriteData" AND SubjectUserName NOT IN ("SYSTEM", "Administrator")