Skip to main content

Parallels Desktop CVE-2024-52561

| EUVDEUVD-2024-54641 HIGH
Incorrect Ownership Assignment (CWE-708)
2025-06-03 talos-cna@cisco.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2024-54641
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
PoC Detected
Jul 02, 2025 - 14:53 vuln.today
Public exploit code
CVE Published
Jun 03, 2025 - 10:15 nvd
HIGH 7.8

DescriptionCVE.org

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.

AnalysisAI

Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) affecting the Snapshot deletion functionality. A local attacker with standard user privileges can exploit a symlink race condition to manipulate root-owned snapshot files, escalating privileges to root. The vulnerability has a CVSS score of 7.8 (high severity) with low attack complexity, and while specific KEV/EPSS data is not provided, the low complexity and local attack vector suggest moderate real-world exploitation probability.

Technical ContextAI

The vulnerability exists in Parallels Desktop's snapshot management system, specifically in the root service that handles snapshot deletion and file ownership verification. The root cause is classified under CWE-708 (Incorrect Ownership Assignment), indicating improper validation of file ownership before modifying it. When a snapshot is deleted, a privileged service performs ownership modifications without adequate checks for symlink attacks. An attacker can create symbolic links pointing to arbitrary files owned by root, and when the snapshot deletion routine processes these links without validating their target, the ownership is transferred to a lower-privilege user. This is a classic privilege escalation pattern exploiting the TOCTOU (Time-of-Check-Time-of-Use) race condition between ownership verification and modification. CPE notation would be: cpe:2.7:a:parallels:parallels_desktop:20.1.1:*:*:*:*:macos:*:*

RemediationAI

Parallels has not provided public patch information in the available data. Recommended actions: (1) Upgrade to a version beyond 20.1.1 once patches are released by Parallels; (2) Check Parallels advisory channels (parallels.com/products/desktop/support) for available security updates; (3) As a temporary mitigation, restrict local user access to systems running Parallels Desktop 20.1.1 to trusted users only; (4) Monitor snapshot deletion operations and file ownership changes in system logs; (5) Disable snapshot functionality if not actively needed until patching is possible. Parallels customers should contact support at https://www.parallels.com/support for official patch availability and timeline.

CVE-2025-31359 HIGH POC
8.8 Jun 03

Directory traversal vulnerability in Parallels Desktop for Mac version 20.2.2 (build 55879) affecting the PVMP package u

CVE-2024-54189 HIGH POC
7.8 Jun 03

Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) where the snapshot function

CVE-2024-36486 HIGH POC
7.8 Jun 03

Privilege escalation vulnerability in Parallels Desktop for Mac 20.1.1 that allows a local attacker with user-level priv

CVE-2024-6240 CRITICAL
10.0 Jun 21

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. R

CVE-2022-34890 HIGH
8.8 Jul 18

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Deskt

CVE-2021-34864 HIGH
8.8 Oct 25

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (

CVE-2021-34857 HIGH
8.8 Oct 25

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (

CVE-2021-34856 HIGH
8.8 Oct 25

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (

CVE-2021-31426 HIGH
8.8 Apr 29

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-4

CVE-2021-31425 HIGH
8.8 Apr 29

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-4

CVE-2021-31424 HIGH
8.8 Apr 29

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-4

CVE-2021-31420 HIGH
8.8 Apr 29

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-4

Share

CVE-2024-52561 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy