CVE-2025-6812 ‒ Parallels Client Local Privilege Escalation Vulnerability
Metrics: cve.org
Description
The AppServer service installed with Parallels Client searches for an OpenSSL configuration file in an unsecured location, which allows low-privileged users to escalate their privileges.
Vulnerability
The vulnerability allows low privileged users with access to the system to escalate their privileges.
The issue is that the AppServer service searches for an OpenSSL configuration file in a location where a low-privileged user can create files. By creating the configuration file, an attacker could execute code in the context of the service.
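To audit a host for this class of weakness, the following PowerShell check is an added example, not part of the advisory or any vendor code. It inspects the directory a service's OpenSSL library reads its configuration from, or the nearest existing ancestor when that directory is missing, and reports ACL entries that let broad low-privileged groups create files or folders there. The path is a placeholder because the advisory does not name the real location.

```powershell
# Added example: first-pass ACL audit of an OpenSSL configuration directory.
# $ConfigDir is a PLACEHOLDER; substitute the directory your build searches.
param([string]$ConfigDir = 'C:\PLACEHOLDER\ssl')

# Well-known SIDs of broad, low-privileged principals:
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# Access bits that allow creating something inside a directory:
# CreateFiles (0x2), CreateDirectories (0x4), GENERIC_ALL, GENERIC_WRITE.
$CreateMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

# If the directory does not exist, whoever can create it controls it,
# so walk up to the nearest ancestor that does exist.
$probe = $ConfigDir
while ($probe -and -not (Test-Path -LiteralPath $probe -PathType Container)) {
    $probe = Split-Path -Path $probe -Parent
}
if (-not $probe) { throw "No existing ancestor found for $ConfigDir" }

$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($ace in (Get-Acl -LiteralPath $probe).Access) {
    # Deny entries are ignored here, so treat results as a conservative
    # first pass rather than an effective-access calculation.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    # Inherit-only entries do not apply to the probed directory itself.
    if ($ace.PropagationFlags -band $inheritOnly) { continue }
    try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
    catch { continue }   # unresolvable account, skip
    if ($BroadSids -notcontains $sid) { continue }
    if (([int]$ace.FileSystemRights -band $CreateMask) -eq 0) { continue }
    [pscustomobject]@{
        CheckedPath = $probe
        Principal   = $ace.IdentityReference.Value
        Rights      = $ace.FileSystemRights
    }
}

if ($findings) {
    Write-Warning "Low-privileged principals can create content under $probe"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No broad create rights found on $probe"
}
```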
Mitigations
Update to the latest release.
Timeline
Date | Action |
---|---|
15.10.2024 | Vulnerability reported to vendor |
07.07.2025 | Coordinated public release of advisory |