AI description
CVE-2025-30712 is a vulnerability in Oracle VM VirtualBox version 7.1.6, specifically within the Core component. It was discovered by CVR of Google and Juan José López Jaimez of Google and publicly disclosed on April 15, 2025. This vulnerability can be exploited by an attacker with high privileges who has logon access to the infrastructure where Oracle VM VirtualBox is running. Successful exploitation could lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to sensitive information within Oracle VM VirtualBox. Furthermore, it could allow an attacker to cause a partial denial of service (DoS). The scope of this vulnerability is broad, potentially impacting other products beyond VirtualBox. Oracle recommends applying the necessary patches as soon as possible and restricting access to the infrastructure where VirtualBox executes.
- Description
- Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
- Source
- secalert_us@oracle.com
- NVD status
- Modified
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 6
- Exploitability score
- 1.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-190
- Hype score
- Not currently trending
I wanted to end last year with a vm escape, took me a bit longer but I want to present you my latest public research: A VM escape in Oracle VirtualBox using only one integer overflow bug! This was fixed in April 15 and assigned CVE-2025-30712. https://t.co/bIIFRoHA1d
@thatjiaozi
15 May 2025
12708 Impressions
61 Retweets
285 Likes
114 Bookmarks
1 Reply
1 Quote
🚨 CVE-2025-30712 🔴 HIGH (8.1) 🏢 Oracle Corporation - Oracle VM VirtualBox 🏗️ 7.1.6 🔗 https://t.co/HmKVfHYw44 #CyberCron #VulnAlert #InfoSec https://t.co/jHWF5l77FD
@cybercronai
16 Apr 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-30712 - Oracle VM VirtualBox - HIGH 🚨 🗓️ Date published 2025-04-15 21:16:00 UTC #OracleVMVirtualBox #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/5ixXKmg8jy
@vulns_space
15 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:71.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BED8FAD7-7930-47DA-8F9C-0206924A33F6"
}
],
"operator": "OR"
}
]
}
]