Local Privilege Escalation Vulnerability in Parallels Desktop by Parallels
CVE-2025-0413

Currently unrated

Key Information:

Vendor: Parallels
Status: Desktop
Vendor: CVE Published:; 5 February 2025

What is CVE-2025-0413?

The vulnerability in the Technical Data Reporter component of Parallels Desktop allows local attackers to escalate their privileges. Once an attacker gains low-privileged access to the system, they can create a symbolic link to manipulate permissions of arbitrary files. This can lead to executing code with elevated privileges, granting the attacker extensive control over the system.

Affected Version(s)

Desktop 19.4.1 (54985)

References

https://www.zerodayinitiative.com/advisories/ZDI-25-082/

x_research-advisory

https://kb.parallels.com/130212

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2025