2 matches found
CVE-2025-0413
Parallels Desktop is affected by CVE-2025-0413 in the Technical Data Reporter component. The flaw lets a local attacker with low privileges abuse symbolic links to change file permissions, enabling privilege escalation to root and potentially arbitrary code execution. Exploitation requires local ...
CVE-2023-45894
CVE-2023-45894 affects the Parallels Remote Application Server (RAS). The vulnerability stems from the RAS not segmenting virtualized applications from the server, enabling a remote attacker to achieve remote code execution via kiosk-breakout techniques on versions prior to 19.2.23975. Reported s...