CVE-2025-31359 is a high-severity directory traversal vulnerability identified in Parallels Desktop for Mac version 20.2.2 (build 55879). The flaw exists within the PVMP package unpacking functionality, where improper limitation of pathname inputs allows an attacker to traverse directories beyond the intended extraction path. This vulnerability is categorized under CWE-22, which involves insufficient validation of file paths leading to unauthorized file system access. Exploitation enables an attacker with limited privileges (PR:L) and no user interaction (UI:N) to write arbitrary files to the host system. Given the vulnerability's scope (S:C), successful exploitation can compromise confidentiality, integrity, and availability of the affected system, potentially leading to privilege escalation. The CVSS 3.1 base score of 8.8 reflects the high impact and relative ease of exploitation, requiring only local access with low complexity. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to users of the affected Parallels Desktop version. Parallels Desktop is widely used for running virtual machines on macOS, often in professional and development environments, making this vulnerability particularly concerning for environments where sensitive data or critical applications are hosted within virtual machines or on the host Mac itself.

For European organizations, the impact of this vulnerability can be substantial. Many enterprises and developers in Europe rely on Parallels Desktop for Mac to run Windows or Linux virtual machines for software development, testing, or legacy application support. Exploitation could allow attackers to escape the virtual environment and write malicious files to the host macOS system, potentially escalating privileges and compromising sensitive corporate data or intellectual property. This could lead to data breaches, disruption of business operations, or further lateral movement within corporate networks. Organizations in sectors such as finance, technology, and research, which often use macOS workstations with virtualization, may face increased risk. Additionally, the vulnerability could be leveraged in targeted attacks against high-value individuals or organizations, especially given the lack of required user interaction and the high impact on confidentiality, integrity, and availability.

To mitigate this vulnerability, European organizations should: 1) Immediately update Parallels Desktop for Mac to a patched version once available from the vendor, as no patch links are currently provided but should be prioritized upon release. 2) Restrict local access to systems running vulnerable versions by enforcing strict access controls and limiting administrative privileges to trusted personnel only. 3) Monitor systems for unusual file system activity indicative of exploitation attempts, particularly unexpected file writes outside normal directories. 4) Employ application whitelisting and endpoint detection and response (EDR) solutions to detect and block unauthorized modifications to critical system files. 5) Educate users about the risks of running untrusted virtual machine packages or files that could trigger the unpacking functionality. 6) Consider isolating macOS systems running Parallels Desktop in segmented network zones to reduce potential lateral movement if compromise occurs. 7) Regularly audit and review virtualization software configurations and logs for signs of exploitation attempts.