Cyber Resilience

CVE-2025-30074

High

Published: 16 March 2025

Published
16 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0004 11.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30074 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Parallels Desktop (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-30074 is a privilege escalation vulnerability affecting Alludo Parallels Desktop versions before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms. The flaw, tied to CWE-863 (Incorrect Authorization), occurs in the VM creation routine and enables escalation to root privileges. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) and was published on 2025-03-16.

A local attacker with low privileges on the host macOS system can exploit this vulnerability. Exploitation requires high attack complexity but no user interaction. Success grants high-impact access to confidentiality, integrity, and availability, with a changed scope, allowing the attacker to achieve full root privileges on the Intel-based macOS host.

The Parallels knowledge base advisory at https://kb.parallels.com/en/130944 addresses mitigation by recommending updates to Parallels Desktop 19.4.2 or 20.2.2, which resolve the VM creation routine issue.

EU & UK References

Vulnerability details

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a local privilege escalation vulnerability (CWE-863) in Parallels Desktop VM creation routine, directly enabling T1068 Exploitation for Privilege Escalation to gain root on the macOS host.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28951Shared CWE-863
CVE-2026-42432Shared CWE-863
CVE-2024-40771Shared CWE-863
CVE-2026-34972Shared CWE-863
CVE-2025-0360Shared CWE-863
CVE-2026-4639Shared CWE-863
CVE-2026-42429Shared CWE-863
CVE-2026-41404Shared CWE-863
CVE-2020-36969Shared CWE-863
CVE-2026-24428Shared CWE-863

Affected Assets

Parallels
Desktop
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for access to system resources, directly countering the CWE-863 incorrect authorization flaw in the Parallels VM creation routine that enables root privilege escalation.

prevent

Employs the principle of least privilege to restrict low-privilege local attackers from escalating to root via the vulnerable VM creation process.

prevent

Mandates timely identification, reporting, and correction of system flaws, enabling patching to Parallels Desktop 19.4.2 or 20.2.2 as specified in the vendor advisory.

References