CVE-2024-54189

HIGH EPSS 19.4%

Published Jun 3, 20251y ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Jun 3, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

19.4% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-59

CWE-62

Affected Products 1

Vendor	Product	Version	Range
parallels	parallels_desktop	20.1.1_\(55740\)	any

References 2

talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2024-2124

ExploitThird Party Advisory
talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2124

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.