CVE-2025-30725

15.04.2025, 21:16

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as  unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	HIGH	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
oracle	CNA	6.7 MEDIUM	LOCAL	HIGH	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
oracle	vm_virtualbox	7.1.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

virtualbox

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://www.oracle.com/security-alerts/cpuapr2025.html