About me

I’m Giuliano Sanfins (0x_alibabas). I work in cybersecurity focusing on red team operations, offensive security, and vulnerability research.

My work includes:

• Reporting vulnerabilities that became published CVEs
• Participating in bug bounty programs and vendor security portals
• Running penetration tests, red team operations, and phishing simulations
• Sharing research and technical findings with teams and the security community

Advisories and CVEs

Some of my disclosed vulnerabilities:

• CVE-2025-36537 – TeamViewer Remote Management Arbitrary File Deletion via MSI Rollback. An unprivileged local user could leverage the MSI repair mechanism to delete arbitrary files with SYSTEM privileges. (ZDI-25-419)
• CVE-2025-9871 – Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. (ZDI-25-920)
• CVE-2025-9870 – Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. (ZDI-25-921)
• CVE-2025-9869 – Razer Synapse 3 Chroma SDK Server Unquoted Search Path Local Privilege Escalation Vulnerability. (ZDI-25-919)

Connect

• Discord: alibabas
• Twitter: @0x_alibabas
• LinkedIn: Giuliano Sanfins