Unauthorized Access Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2025-21571

7.3HIGH

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 21 January 2025

Summary

Oracle VM VirtualBox is susceptible to a vulnerability that enables a high-privileged user with logon access to the infrastructure to compromise the application. Attackers can potentially create, delete, or modify critical data, while also gaining unauthorized read access to a subset of data. This vulnerability may lead to partial denial of service, impacting various functionalities. Users of affected versions prior to 7.0.24 and 7.1.6 should implement necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Oracle VM VirtualBox * < 7.0.24

Oracle VM VirtualBox * < 7.1.6

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024