HIGH🇬🇧 English

CVE-2025-31359

CVSS 8.8v3.1pub. 2025-06-03upd. 2025-07-02

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Parallels Desktop

    APP
    Parallels
    20.2.2_\(55879\)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path TraversalLPE
CWE
Referencje

Powiązane podatności

CVE-2024-54189HIGH7.8ten sam produkt

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version...

CVE-2024-52561HIGH7.8ten sam produkt

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version...

CVE-2024-36486HIGH7.8ten sam produkt

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parall...

CVE-2024-6240HIGH7.7ten sam produkt

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than...

CVE-2024-6153HIGH7.8ten sam produkt

Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability al...