CVE-2025-30074

Published: Mar 16, 2025Modified: Mar 16, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.1 / Impact: 6.0

Source: MITRE (Secondary)

Description

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://kb.parallels.com/en/130944

Source: cve@mitre.org

Timeline

No history available yet.