CVE-2025-31359
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Parallels Desktop for Mac 20.2.2 (55879)
Parallels Desktop for Mac - https://www.parallels.com/products/desktop/
8.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Parallels Desktop for Mac is an application that provides desktop virtualization, allowing users to run macOS, Windows, or Linux virtual machines on a Mac. It offers tools to create, configure, and manage virtual machines effectively.
prl_disp_service is a Parallels Desktop service responsible for managing communication between macOS, Parallels Desktop, and virtual machines. This service runs with root privileges.
Parallels Desktop includes a feature that enables the transfer of a virtual machine (VM) to another Mac by packaging the VM in a proprietary .pvmp format. This is done by right-clicking the virtual machine to be transferred and selecting Prepare for Transfer.
Once the transfer is complete, the packaged file can be opened with the Parallels application. When the package appears in the Parallels Desktop Control Center, right-click it and select Open Package to begin unpacking the virtual machine.
Internally, this task is performed by prl_disp_service, which runs the prl_packer_inplace executable with root privileges to create a VM from the .pvmp package file.
The unpacking process does not sanitize entry paths: if a package entry has a path containing directory traversal sequences such as ../ (dot-dot-slash), the entry is written relative to that path, outside the intended destination directory.
To exploit this vulnerability, an entry with a traversal path can be added to the package before transfer using the push operation of prl_packer_inplace. The relevant part of the help output for push is shown below:
/Applications/Parallels\ Desktop.app/Contents/MacOS/prl_packer_inplace --help
prl_packer_inplace version 20.2.2 (55879)
Usage:
prl_packer_inplace <operation> [<arguments>...]
<operation> :
[...]
push ............... append the specified entry to the end of the packed file.
mandatory arguments:
-p, --packed-file <path to packed file> path to the packed file.
-e, --entry <path to entry> resulting path of the inserted entry.
-f, --entry-file <path to file> path to the dir or file, containing entry data.
Here, -e takes the entry path (the name the entry will be written under when unpacked), which carries the traversal sequence, while -f specifies the local file whose contents are consumed for the entry during the push operation. The following example pushes attacker.plist into the Debian_1.pvmp package under the entry path Debian_1.pvm.tmp/../../../../../../Library/LaunchDaemons/com.example.update.attack.plist:
"/Applications/Parallels Desktop.app/Contents/MacOS/prl_packer_inplace" push -p Debian_1.pvmp -e Debian_1.pvm.tmp/../../../../../../Library/LaunchDaemons/com.example.update.attack.plist -f attacker.plist
When Debian_1.pvmp is unpacked, the entry escapes the unpack directory and a launch daemon plist is written to /Library/LaunchDaemons/com.example.update.attack.plist. That directory is root-owned and holds system-wide launch daemons, which launchd runs with root privileges by default, so the attacker-controlled plist executes as root.
Because the unpacking runs as root, a low-privileged local user can use this vulnerability to overwrite arbitrary files on the system and escalate their privileges to those of the root user.
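The defect above is a missing containment check on entry paths before they are written. The following Python is an added example written for this page, not Parallels code and not a parser for the proprietary .pvmp format: it takes entry names as plain strings (the advisory's push entry plus constructed variations) and shows the check an unpacker should perform, first lexically (to vet a listing without touching disk) and then with realpath at write time, so that a symlink planted by an earlier entry cannot redirect a later write. The destination /Users/victim/Parallels is an assumed unpack location.

```python
import os
import posixpath
import tempfile

# Constructed sample entry names. ENTRIES[1] is the entry path from the
# advisory's prl_packer_inplace push command; the others are added variations.
DEST_DIR = "/Users/victim/Parallels"  # assumed unpack location, not from the advisory
ENTRIES = [
    "Debian_1.pvm.tmp/config.pvs",                                  # normal entry
    "Debian_1.pvm.tmp/../../../../../../Library/LaunchDaemons/"
    "com.example.update.attack.plist",                              # advisory PoC entry
    "Debian_1.pvm.tmp/harddisk.hdd/../config.pvs",                  # has '..' but stays inside
    "/Library/LaunchDaemons/com.example.update.attack.plist",       # absolute entry name
]


def resolve_entry(dest_dir, entry):
    """Lexically compute where `entry` would land under `dest_dir`.

    Returns the normalized absolute target, or None if the entry is absolute
    or resolves outside dest_dir. Pure string work (posixpath), so it can vet
    a package listing on any OS without touching the filesystem.
    """
    dest = posixpath.normpath(dest_dir)
    if posixpath.isabs(entry):
        return None
    target = posixpath.normpath(posixpath.join(dest, entry))
    # normpath collapses '..' (dropping any that climb past '/'), so a prefix
    # check on the result is a real containment test, not a grep for '..'.
    if target != dest and not target.startswith(dest.rstrip("/") + "/"):
        return None
    return target


def vet_listing(dest_dir, entries):
    """Map each entry name to 'ok' or 'traversal'."""
    return {e: ("ok" if resolve_entry(dest_dir, e) else "traversal") for e in entries}


def safe_extract(dest_dir, entry, data):
    """Write one entry below dest_dir, refusing anything that escapes it.

    Unlike resolve_entry this resolves symlinks (realpath) before the check,
    so a symlink written by an earlier entry cannot redirect this write.
    """
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, entry))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise ValueError(f"entry escapes destination: {entry!r}")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Unpack the sample entries into a throwaway directory; return outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for entry in ENTRIES:
            try:
                safe_extract(tmp, entry, b"<plist/>")
                results[entry] = "written"
            except ValueError:
                results[entry] = "rejected"
    return results


if __name__ == "__main__":
    for entry, verdict in vet_listing(DEST_DIR, ENTRIES).items():
        print(f"{verdict:9s} {entry}")
    for entry, outcome in demo().items():
        print(f"{outcome:9s} {entry}")
```

The advisory's entry and the absolute name are rejected by both checks; the entry that contains ".." but resolves back inside the destination is accepted, which is the difference between a containment check and a simple ".." filter. A stricter unpacker may reasonably reject any ".." component outright; either way the decision must be made on the resolved target before the write, and the realpath variant is the one to use at write time.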
2025-04-07 - Vendor Disclosure
2025-04-17 - Vendor Patch Release
2025-06-03 - Public Release
Discovered by KPC of Cisco Talos.