CVE-2025-55740: 
vulnerability analysis and mitigation

A privilege escalation vulnerability (CVE-2025-55740) exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). The vulnerability is related to the use of hard-coded credentials in configuration files, which could allow attackers with network access to gain administrative control (GitHub Advisory).

The vulnerability is classified with a CVSS v3.1 base score of 6.5 (Moderate severity), with the following metrics: Attack Vector: Network, Attack Complexity: Low, Privileges Required: None, User Interaction: None, Scope: Unchanged, Confidentiality: Low, Integrity: Low, Availability: None. The weakness is categorized as CWE-798 (Use of Hard-coded Credentials), involving the presence of hard-coded credentials used for authentication and system access (GitHub Advisory).

If exploited, attackers with network access could gain administrative control of the system, bypassing security protections. This affects all users who deploy the software with default credentials and expose the admin interface to untrusted networks (GitHub Advisory).

Users can remediate the vulnerability by manually changing all default credentials in configuration files before deployment. The issue has been addressed in version 1.5.0 and later, with startup warnings added if default credentials are detected. It is recommended to restrict access to the admin interface and use environment variables for secrets. Full patching will be available in v1.7.0 and later (GitHub Advisory).