Local Privilege Escalation Vulnerability in Parallels Desktop by Parallels
CVE-2025-0413

Currently unrated

Key Information:

Vendor

Parallels

Status
Desktop
Vendor
CVE Published:
5 February 2025

What is CVE-2025-0413?

The vulnerability in the Technical Data Reporter component of Parallels Desktop allows local attackers to escalate their privileges. Once an attacker gains low-privileged access to the system, they can create a symbolic link to manipulate permissions of arbitrary files. This can lead to executing code with elevated privileges, granting the attacker extensive control over the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Desktop 19.4.1 (54985)

References

https://www.zerodayinitiative.com/advisories/ZDI-25-082/
x_research-advisory
https://kb.parallels.com/130212
vendor-advisory

Timeline

  • Vulnerability published

JSON
.