
Cloud Vulnerability DB
A community-led vulnerabilities database
A privilege escalation vulnerability (CVE-2024-54189) was discovered in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). It was discovered by KPC of Cisco Talos and disclosed on June 3, 2025. Parallels Desktop is desktop virtualization software that allows users to run macOS, Windows, or Linux virtual machines on Mac systems (Talos Report).
The vulnerability exists in the prldispservice, which runs with root privileges and manages communication between macOS, Parallels Desktop, and virtual machines. When a snapshot of a virtual machine is taken, the service writes details about the snapshot to a snapshot.xml file in the VM directory owned by a normal user. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-62 (UNIX Hard Link) (Talos Report).
The vulnerability allows a low-privilege user to potentially overwrite arbitrary files and escalate their privileges to those of the root user. By exploiting it, an attacker can write to arbitrary files owned by root, which can enable privileged actions such as modifying system files or gaining unauthorized administrative access (Talos Report).
The vulnerability was patched by the vendor on April 17, 2025. Users should update to a version newer than Parallels Desktop for Mac version 20.1.1 (build 55740) to mitigate this vulnerability (Talos Report).
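A defender-side check for the condition described above, as an added example that is not code from Talos, Parallels or this page: it flags any snapshot.xml that is a symlink or hard link before a privileged process writes to it, and shows a write-then-rename replacement that does not write through a planted link. The function names, the `example_vm` directory and the sample files are constructed assumptions.

```python
import os
import stat
import tempfile

def find_linked_snapshots(vm_root):
    """Flag snapshot.xml files a privileged writer must not open in place."""
    findings = []
    for dirpath, _dirs, files in os.walk(vm_root):
        if "snapshot.xml" not in files:
            continue
        path = os.path.join(dirpath, "snapshot.xml")
        st = os.lstat(path)  # lstat: inspect the entry itself, not its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
        elif not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
        elif st.st_nlink > 1:  # CWE-62: another name shares this inode
            findings.append((path, "hard link (nlink=%d)" % st.st_nlink))
        elif st.st_uid != os.lstat(dirpath).st_uid:
            findings.append((path, "owner differs from VM directory"))
    return findings

def replace_snapshot(path, data):
    """Write to a fresh temp file, then rename it over path. The rename swaps
    the directory entry, so a planted link is dropped, not written through."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path), prefix=".snapshot.")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def demo():
    """Constructed sample; protected.conf stands in for a root-owned file."""
    with tempfile.TemporaryDirectory() as base:
        vm = os.path.join(base, "example_vm")
        os.mkdir(vm)
        target = os.path.join(base, "protected.conf")
        with open(target, "w") as f:
            f.write("original")
        snap = os.path.join(vm, "snapshot.xml")
        os.link(target, snap)  # constructed: second name for target's inode
        before = find_linked_snapshots(vm)
        replace_snapshot(snap, b"<snapshots/>")
        with open(target) as f:
            return before, find_linked_snapshots(vm), f.read()
```

Rename-based replacement alone does not make a root service safe inside a user-owned directory; performing the write with the VM owner's privileges removes the root-owned write entirely.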
Source: This report was generated using AI