CVE-2024-52561
Published 2025-06-03
Priority P343 · high · 7.8 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.24% (15.5th percentile)
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.
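The description above comes down to a privileged ownership change on a path that a lower-privilege user can replace with a symlink. As an added example (generic C, not Parallels' code; `chown_nofollow`, `demo` and the file names are hypothetical), a privileged helper can open the file relative to a directory descriptor with `O_NOFOLLOW`, verify it with `fstat`, and call `fchown` on that same descriptor:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: change ownership of `name` inside the already-opened
 * directory `dirfd` without following a symlink. Returns 0 or -1.
 * Assumes `dirfd` itself was opened on a path the caller trusts. */
int chown_nofollow(int dirfd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    /* O_NOFOLLOW: open fails with ELOOP if the final component is a symlink. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Verify the object that was actually opened, then act on the same
     * descriptor, so nothing can be swapped between check and change.
     * st_nlink != 1 also refuses hard links to files elsewhere. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

/* Constructed scenario: a directory with one regular file and one symlink
 * pointing at a file outside it. Returns 1 if the regular file is accepted
 * and the symlink is refused with ELOOP. */
int demo(void)
{
    char dir[] = "/tmp/snapdemoXXXXXX", outside[] = "/tmp/outsideXXXXXX";
    int ofd = mkstemp(outside);
    if (ofd < 0 || !mkdtemp(dir)) return 0;
    close(ofd);
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    int fd = openat(dirfd, "snap.dat", O_CREAT | O_WRONLY, 0600);
    if (dirfd < 0 || fd < 0 || symlinkat(outside, dirfd, "link.dat") != 0) return 0;
    close(fd);
    int ok = chown_nofollow(dirfd, "snap.dat", geteuid(), getegid()) == 0;
    int refused = chown_nofollow(dirfd, "link.dat", geteuid(), getegid()) == -1
                  && errno == ELOOP;
    unlinkat(dirfd, "snap.dat", 0); unlinkat(dirfd, "link.dat", 0);
    close(dirfd); rmdir(dir); unlink(outside);
    return ok && refused;
}
```

`O_NOFOLLOW` only covers the last path component, which is why the lookup is anchored to a directory descriptor rather than a full path string.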
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| parallels | parallels_desktop | — | — |
| parallels | parallels_desktop_for_mac | — | — |
No detection rules found.
No public exploits indexed.
Talos
[HIGH] catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
blogs_talos·2025-06-11·CVSS 8.4
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy, except in the case of the catdoc zero-day vulnerabilities, which were patched by our researcher (patches found in this repository). This is an unusual case, because the vendor could not be reached to fix these high-risk bugs; our policy does not include fixing third-party vulnerabilities.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability