CVE-2025-31359: A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This...

8.8 CVSS

Description

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.

Classification

CVE ID: CVE-2025-31359

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem Types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected Products

Vendor: Parallels

Product: Parallels Desktop for Mac

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 13.45% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-31359
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2160

Timeline

2025-06-03 10:40:16 UTC
CVE

A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This...