CVE-2025-31359 | THREATINT

Description

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.

PUBLISHED Reserved 2025-03-28 | Published 2025-06-03 | Updated 2025-06-03 | Assigner talos

HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

20.2.2 (55879)

affected

Credits

Discovered by KPC of Cisco Talos.

References

www.talosintelligence.com/...ability_reports/TALOS-2025-2160

talosintelligence.com/vulnerability_reports/TALOS-2025-2160 exploit

talosintelligence.com/vulnerability_reports/TALOS-2025-2160

cve.org (CVE-2025-31359)

nvd.nist.gov (CVE-2025-31359)

Download JSON