CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

CVE ID : CVE-2024-36486

Published : June 3, 2025, 10:15 a.m. | 2 hours, 14 minutes ago

Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…