HIGH🇬🇧 English

CVE-2025-0413

CVSS 7.8v3.0pub. 2025-02-05upd. 2025-08-15

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Parallels

    APP
    Parallels
    19.0-23304 – 19.4.3-25221 (bez)20.0-25389 – 20.2-25889 (bez)
  • Parallels Remote Application Server

    APP
    Parallels
    < 19.4.3.2-25228
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCELPE
CWE
Referencje

Powiązane podatności

CVE-2023-45894CRITICAL10.0PL ✓ten sam produkt

RCE w Parallels Remote Application Server przez brak segmentacji aplikacji

CVE-2020-15860CRITICAL9.9ten sam produkt

Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It ...

CVE-2022-40870HIGH8.1ten sam produkt

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. Th...

CVE-2021-34867HIGH8.2ten sam produkt

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto...

CVE-2021-34868HIGH8.8ten sam produkt

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto...

CVE-2025-0413 — HIGH 7.8 | CVEbaza.pl