CVE-2025-30725

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H).

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuapr2025.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:vm_virtualbox:7.1.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-15 21:16

Updated : 2025-04-21 19:55

NVD link : CVE-2025-30725

Mitre link : CVE-2025-30725

CVE.ORG link : CVE-2025-30725

JSON object : View

Products Affected

oracle

vm_virtualbox

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2025-30725", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 0.8}]}, "published": "2025-04-15T21:16:02.217", "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2025.html", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). La versi\u00f3n compatible afectada es la 7.1.6. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo de Oracle VM VirtualBox, as\u00ed como actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle VM VirtualBox y accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 6.7 (Afecta a la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H)."}], "lastModified": "2025-04-21T19:55:50.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:vm_virtualbox:7.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52DB515F-F899-4637-BB15-A01765D3E9B1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}