Privilege Escalation Vulnerability in Parallels Desktop for Mac
CVE-2024-52561

7.8 HIGH

Key Information:

Vendor: Parallels
CVE Published: 3 June 2025

What is CVE-2024-52561?

A vulnerability in the Snapshot functionality of Parallels Desktop for Mac allows an attacker to exploit symlinks when virtual machine snapshots are deleted. This can lead to unauthorized modification of file ownership, enabling lower-privilege users to gain elevated access to sensitive files normally restricted to root. Proper safeguards are essential to mitigate the risks associated with this vulnerability.
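The safeguard for this bug class, shown as an added example that is not Parallels code and not taken from the advisory: a privileged helper changes ownership through a file descriptor opened with `O_NOFOLLOW` instead of calling `chown()` on a path. The names `chown_nofollow`, `demo`, `snap.dat` and `snap.lnk` are hypothetical, and the scratch directory is a constructed fixture.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: chown `name` in `dirfd` without following a symlink. */
int chown_nofollow(int dirfd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    /* O_NOFOLLOW: openat() fails with ELOOP when `name` is a symlink. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    /* Check and change the opened object, not the path, so swapping the
     * path afterwards has no effect. Hard-linked files are refused too. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

/* Constructed fixture: scratch directory with a regular file and a symlink
 * to it. Returns 0 if the ownership change went through, else errno. */
int demo(int use_symlink)
{
    char dir[] = "/tmp/snapdemoXXXXXX";
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0 || symlinkat("snap.dat", dfd, "snap.lnk") != 0) return -1;
    int fd = openat(dfd, "snap.dat", O_CREAT | O_WRONLY, 0600);
    close(fd);
    /* (gid_t)-1 leaves the group unchanged; the owner is set to ourselves. */
    int rc = chown_nofollow(dfd, use_symlink ? "snap.lnk" : "snap.dat",
                            geteuid(), (gid_t)-1);
    int err = rc == 0 ? 0 : errno;
    unlinkat(dfd, "snap.lnk", 0);
    unlinkat(dfd, "snap.dat", 0);
    close(dfd);
    rmdir(dir);
    return err;
}

int main(void) { return !(demo(0) == 0 && demo(1) == ELOOP); }
```

`O_NOFOLLOW` only guards the final path component, so the directory itself should also be reached through a descriptor the privileged process opened safely.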

Affected Version(s)

Parallels Desktop for Mac version 20.1.1 (55740)

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by KPC of Cisco Talos.