HIGH🇵🇱 Wersja polska

CVE-2025-31359

CVSS 8.8v3.1pub. 2025-06-03upd. 2025-07-02

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Parallels Desktop

    APP
    Parallels
    20.2.2_\(55879\)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path TraversalLPE
CWE
References

Related vulnerabilities

CVE-2024-54189HIGH7.8ten sam produkt

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version...

CVE-2024-52561HIGH7.8ten sam produkt

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version...

CVE-2024-36486HIGH7.8ten sam produkt

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parall...

CVE-2024-6240HIGH7.7ten sam produkt

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than...

CVE-2024-6153HIGH7.8ten sam produkt

Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability al...