PT-2025-11374 · Alludo · Parallels Desktop

Published

2025-03-15

Updated

2025-03-17

CVE-2025-30074

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Alludo Parallels Desktop versions 19.4.1 and earlier, 20.x versions prior to 20.2.2

Description: The issue allows for privilege escalation to root via the VM creation routine.

Recommendations: For Alludo Parallels Desktop versions 19.4.1 and earlier, update to version 19.4.2 or later. For Alludo Parallels Desktop version 20.x, update to version 20.2.2 or later.

Fix

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2026-02087

CVE-2025-30074

Affected Products

Parallels Desktop

PT-2025-11374 · Alludo · Parallels Desktop

CVE-2025-30074

Weakness Enumeration

Related Identifiers

Affected Products

References · 9