CVE-2025-30074 HIGH

CVE-2025-30074

Vendor Parallels
Product Parallels Desktop
Weakness CWE-863 · Incorrect authorization
Published March 16, 2025
Last update March 17, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.

Key dates

02Disclosure timeline

March 16, 2025 CVE published
March 17, 2025 Record updated