cbcvebase.

Parallels Desktop For Mac vulnerabilities

4 known vulnerabilities affecting parallels/parallels_desktop_for_mac.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4

Vulnerabilities

Page 1 of 1
CVE-2025-31359P3HIGHCVSS 8.8v20.2.2 (55879)2025-06-03
CVE-2025-31359 [HIGH] CWE-22 CVE-2025-31359: A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
nvd
CVE-2024-36486P3HIGHCVSS 7.8vversion 20.1.1 (55740)2025-06-03
CVE-2024-36486 [HIGH] CWE-62 CVE-2024-36486: A privilege escalation vulnerability exists in the virtual machine archive restoration functionality A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this pro
nvd
CVE-2024-54189P3HIGHCVSS 7.8vversion 20.1.1 (55740)2025-06-03
CVE-2024-54189 [HIGH] CWE-62 CVE-2024-54189: A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for M A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
nvd
CVE-2024-52561P3HIGHCVSS 7.8vversion 20.1.1 (55740)2025-06-03
CVE-2024-52561 [HIGH] CWE-708 CVE-2024-52561: A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for M A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privil
nvd
Parallels Desktop For Mac vulnerabilities | cvebase