CVE-2024-52561

Description

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-708 CWE-708

CWE-59 CWE-59

Affected Products

Vendor	Product	Versions
parallels	parallels_desktop	All

References

Exploits

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2123 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2123 https://talosintelligence.com/vulnerability_reports/TALOS-2024-2123

Frequently Asked Questions

What is CVE-2024-52561? +

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation. It has a CVSS v3.1 base score of 7.8 (HIGH).

How severe is CVE-2024-52561? +

CVE-2024-52561 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-52561? +

CVE-2024-52561 affects products from parallels, specifically: parallels_desktop. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-52561? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-40196 8.1

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained …

CVE-2023-29122 6.7

Under certain conditions, access to service libraries is granted to account they should not have access to.

CVE-2024-41773 6.5

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper …

CVE-2024-45417 6.0

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user …

CVE-2024-45426 4.9

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network …

CVE-2025-14262 4.3

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other …