Exploitable Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2025-61759

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-61759?

A vulnerability exists in Oracle VM VirtualBox that enables low-privileged attackers with access to the infrastructure to exploit the software. Affected versions, including 7.1.12 and 7.2.2, can lead to unauthorized access to sensitive information or full access to all data within the Oracle VM VirtualBox environment. This issue not only compromises Oracle VM VirtualBox but could also potentially impact interconnected systems.

Affected Version(s)

Oracle VM VirtualBox 7.1.12

Oracle VM VirtualBox 7.2.2

References

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 30, 2025

JSON