CVE-2025-30074
📋 TL;DR
This vulnerability in Parallels Desktop for macOS on Intel platforms allows local attackers to escalate privileges to root during VM creation. It affects users running vulnerable versions of Parallels Desktop on macOS with Intel processors. Successful exploitation gives attackers complete system control.
💻 Affected Systems
- Parallels Desktop
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full root access to the macOS host system, enabling installation of persistent malware, data theft, and complete system compromise.
Likely Case
Malicious local user or malware with user-level access escalates to root to bypass security controls and maintain persistence.
If Mitigated
With proper patch management and least privilege principles, impact is limited to isolated test environments or non-critical systems.
🎯 Exploit Status
Requires local access to the system and ability to create or interact with VMs. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 19.4.2 or 20.2.2
Vendor Advisory: https://kb.parallels.com/en/130944
Restart Required: No
Instructions:
1. Open Parallels Desktop.
2. Go to Help > Check for Updates.
3. Install available update to version 19.4.2 or 20.2.2.
4. Verify update completed successfully.
🔧 Temporary Workarounds
Disable VM Creation
macOS: Prevent users from creating new virtual machines to block the vulnerable routine
Restrict Parallels Desktop Usage
macOS: Limit Parallels Desktop to trusted users only via macOS permissions
🧯 If You Can't Patch
- Remove Parallels Desktop from production systems
- Isolate affected systems from critical network segments
🔍 How to Verify
Check if Vulnerable:
Check Parallels Desktop version in application menu or via 'prlctl --version' command
Check Version:
prlctl --version
Verify Fix Applied:
Confirm version is 19.4.2 or higher for version 19, or 20.2.2 or higher for version 20
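The branch-aware comparison described above can be scripted for fleet checks. This is an added example, not vendor or site code; the function names are hypothetical, the layout of the `prlctl --version` output is an assumption, and the sample line is constructed.

```shell
#!/bin/sh
# Added example (not vendor code): compare a Parallels Desktop version with
# the fixed releases this page lists: 19.4.2 (19 branch), 20.2.2 (20 branch).

# Pull the first X.Y.Z triple out of free-form text such as prlctl output.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed when version $1 >= version $2, comparing each field numerically
# (so 19.10.0 sorts above 19.4.2, which a plain string compare gets wrong).
version_ge() {
    for field in 1 2 3; do
        have=$(printf '%s' "$1" | cut -d. -f"$field")
        want=$(printf '%s' "$2" | cut -d. -f"$field")
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
    done
    return 0
}

# Print "fixed", "needs-update", or "unknown" for a bare X.Y.Z version.
# Branches other than 19 and 20 are "unknown": the page gives no threshold.
classify_version() {
    case "$1" in
        19.*) fixed_in=19.4.2 ;;
        20.*) fixed_in=20.2.2 ;;
        *) echo unknown; return 0 ;;
    esac
    if version_ge "$1" "$fixed_in"; then echo fixed; else echo needs-update; fi
}

# Classify raw `prlctl --version` output (output layout is an assumption).
check_output() {
    found=$(extract_version "$1")
    if [ -z "$found" ]; then echo unknown; return 0; fi
    classify_version "$found"
}

# Constructed sample line, then the live check if prlctl is installed.
echo "sample: $(check_output 'prlctl version 20.2.1 (00000)')"
if command -v prlctl >/dev/null 2>&1; then
    echo "this host: $(check_output "$(prlctl --version 2>/dev/null)")"
fi
```

A result of `unknown` means the installed branch is neither 19 nor 20, so check the vendor advisory for that release.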
📡 Detection & Monitoring
Log Indicators:
- Unusual VM creation events
- Privilege escalation attempts in system logs
- Parallels Desktop crash reports
Network Indicators:
- Unexpected network traffic from Parallels Desktop processes
SIEM Query:
source="parallels" AND (event="vm_create" OR event="privilege_escalation")