CVE-2025-31359

HIGH

Parallels Desktop - Path Traversal

Title source: rule

Description

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2160

[Exploit, Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2160

Scores

CVSS v3 8.8

EPSS 0.0019

EPSS Percentile 41.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-22

Status published

Affected Products (1)

parallels/parallels_desktop

Timeline

Published Jun 03, 2025

Tracked Since Feb 18, 2026