CVE-2025-32776 MEDIUM

CVE-2025-32776: OpenRazer Vulnerable to Out of Bounds Read

Vendor Openrazer
Product openrazer
Weakness CWE-125
Published April 15, 2025
Last update November 3, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

OpenRazer is an open-source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than user space provided. This data is written into the RGB arguments, which are then sent to the USB device. This issue has been patched in v3.10.2.

Key dates

02 Disclosure timeline

April 15, 2025 CVE published
November 3, 2025 Record updated