CVE-2024-52561 | EUVD-2024-54641 | HIGH

Published: 2025-06-03
CVSS 3.1 base score: 7.8

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

- Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
- EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd); EUVD-2024-54641
- PoC Detected: Jul 02, 2025 - 14:53 (vuln.today); public exploit code
- CVE Published: Jun 03, 2025 - 10:15 (nvd); HIGH 7.8

Description

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.

Analysis

Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) affecting the Snapshot deletion functionality. A local attacker with standard user privileges can exploit a symlink race condition to manipulate root-owned snapshot files, escalating privileges to root. The vulnerability has a CVSS score of 7.8 (high severity) with low attack complexity, and while specific KEV/EPSS data is not provided, the low complexity and local attack vector suggest moderate real-world exploitation probability.

Technical Context

The vulnerability exists in Parallels Desktop's snapshot management system, specifically in the root service that handles snapshot deletion and file ownership verification. The root cause is classified under CWE-708 (Incorrect Ownership Assignment): the service modifies file ownership without adequately validating which file it is actually operating on. When a snapshot is deleted, the privileged service performs ownership modifications without checking for symbolic links in the snapshot paths. An attacker who can place a symbolic link among the snapshot files can point it at an arbitrary root-owned file; when the deletion routine processes the link without resolving and validating its target, ownership of that file is transferred to a lower-privilege user. This is a classic privilege escalation pattern built on a TOCTOU (Time-of-Check-Time-of-Use) race between the ownership verification and the subsequent ownership change. CPE notation would be: cpe:2.7:a:parallels:parallels_desktop:20.1.1:*:*:*:*:macos:*:*

Affected Products

- Product: Parallels Desktop for Mac; Versions: 20.1.1 (build 55740); Platform: macOS; CPE: cpe:2.7:a:parallels:parallels_desktop:20.1.1:*:*:*:*:macos:*:*; Severity: High

Remediation

Parallels has not provided public patch information in the available data. Recommended actions:

(1) Upgrade to a version beyond 20.1.1 once patches are released by Parallels.
(2) Check Parallels advisory channels (parallels.com/products/desktop/support) for available security updates.
(3) As a temporary mitigation, restrict local user access to systems running Parallels Desktop 20.1.1 to trusted users only.
(4) Monitor snapshot deletion operations and file ownership changes in system logs.
(5) Disable snapshot functionality if not actively needed until patching is possible.

Parallels customers should contact support at https://www.parallels.com/support for official patch availability and timeline.

Priority Score

59 (scale: Low / Medium / High / Critical)

- KEV: 0
- EPSS: +0.1
- CVSS: +39
- POC: +20


CVE-2024-52561 vulnerability details – vuln.today
