CVE-2025-30725

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H).

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuapr2025.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:vm_virtualbox:7.1.6:*:*:*:*:*:*:*

History

21 Apr 2025, 19:55

Type	Values Removed	Values Added
First Time		Oracle Oracle vm Virtualbox
References	~~() https://www.oracle.com/security-alerts/cpuapr2025.html -~~	() https://www.oracle.com/security-alerts/cpuapr2025.html - Patch, Vendor Advisory
CPE		cpe:2.3:a:oracle:vm_virtualbox:7.1.6:::::::*

16 Apr 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-400

16 Apr 2025, 13:25

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). La versión compatible afectada es la 7.1.6. Esta vulnerabilidad, difícil de explotar, permite a un atacante con privilegios elevados iniciar sesión en la infraestructura donde se ejecuta Oracle VM VirtualBox comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo de Oracle VM VirtualBox, así como actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle VM VirtualBox y accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuación base de CVSS 3.1: 6.7 (Afecta a la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H).

15 Apr 2025, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-15 21:16

Updated : 2025-04-21 19:55

NVD link : CVE-2025-30725

Mitre link : CVE-2025-30725

CVE.ORG link : CVE-2025-30725

JSON object : View

Products Affected

oracle

vm_virtualbox

CWE

CWE-400

Uncontrolled Resource Consumption

6.7 /10