Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0413

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.

Published

2025-02-05T00:15:28.173

Last Modified

2025-08-15T12:45:24.357

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	parallels	remote_application_server	< 19.4.3.2-25228	Yes
Application	parallels	parallels	< 19.4.3-25221	Yes
Application	parallels	parallels	< 20.2-25889	Yes

References

https://kb.parallels.com/130212 Release Notes ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-25-082/ Third Party Advisory ([email protected])