CVE-2025-31359

{"id": "CVE-2025-31359", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2025-06-03T10:15:22.240", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2160", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2160", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2160", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation."}, {"lang": "es", "value": "Existe una vulnerabilidad de directory traversal en la funci\u00f3n de desempaquetado de paquetes PVMP de Parallels Desktop para Mac versi\u00f3n 20.2.2 (55879). Un atacante puede explotar esta vulnerabilidad para escribir en archivos arbitrarios, lo que podr\u00eda provocar una escalada de privilegios."}], "lastModified": "2025-07-02T14:47:25.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:parallels:parallels_desktop:20.2.2_\\(55879\\):*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "C37E9DDE-6C53-4746-BABC-8F0E01C9653C"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}