CVE-2024-36486
published 2025-06-03CVE-2024-36486: A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When…
PriorityP346high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.28%
19.4th percentile
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| parallels | parallels_desktop | — | — |
| parallels | parallels_desktop_for_mac | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
blogs_talos·2025-06-11·CVSS 8.4
[HIGH] catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
## catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy , except in the case of the catdoc zero-day vulnerabilities, which were patched by our researcher ( patches found in this repository ). This is an unusual case, because the vendor could not be reached to fix these high-risk bugs; our policy does not include fixing third-party vulnerabilities.
For Snort coverage that can detect the exploitation of these vulnera
Talos
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
blogs_talos·2025-06-11·CVSS 8.4
[HIGH] catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy, except in the case of the catdoc zero-day vulnerabilities, which were patched by our researcher (patches found in this repository). This is an unusual case, because the vendor could not be reached to fix these high-risk bugs; our policy does not include fixing third-party vulnerabilities.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability
2025-06-03
Published