Vulnerability in Oracle VM VirtualBox Product by Oracle
CVE-2025-30712

8.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 15 April 2025

Badges

📈 Trended📈 Score: 1,490👾 Exploit Exists🟡 Public PoC

What is CVE-2025-30712?

CVE-2025-30712 is a significant vulnerability identified in Oracle VM VirtualBox, a widely utilized virtualization product that allows users to run multiple operating systems on a single physical machine. This flaw exists within the core component of VirtualBox version 7.1.6 and can be easily exploited by a high-privileged attacker who has access to the infrastructure where VirtualBox is deployed. The vulnerability poses a risk of unauthorized actions, including the creation, deletion, or modification of critical data accessible via Oracle VM VirtualBox. Moreover, it allows for unauthorized access to sensitive information, which could compromise the integrity and confidentiality of the virtualized environments. The implications of this vulnerability can extend beyond VirtualBox, potentially affecting additional products integrated with Oracle virtualization due to a change in the operational scope, raising concerns for organizations leveraging this technology.

Potential Impact of CVE-2025-30712

Unauthorized Data Access and Modification: Successful exploitation of this vulnerability can grant attackers unauthorized access to critical data stored within Oracle VM VirtualBox, allowing them to modify or delete important information, which can lead to significant operational disruptions and data integrity issues.
Partial Denial of Service: The vulnerability also opens the door for attackers to cause a partial denial of service (DoS) within Oracle VM VirtualBox, limiting the availability of virtual machines and services running on the affected infrastructure, which could severely impact business operations that depend on these systems.
Broader System Vulnerability: Given the potential for scope changes, the exploitation of CVE-2025-30712 may not only compromise Oracle VM VirtualBox but also affect other interconnected systems and applications, resulting in a wider security breach and complicating the mitigation efforts for organizations reliant on this virtualization technology.

Affected Version(s)

Oracle VM VirtualBox 7.1.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-30712-_PoC
Created by jamesb5959

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 26, 2025
👾
Exploit known to exist
Jun 26, 2025
📈
Vulnerability started trending
May 18, 2025
Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025