CVE-2025-30725

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Apr 15, 2025

Updated: Apr 21, 2025

CWE ID 400

Summary

CVE-2025-30725 is a high-privileged vulnerability affecting Oracle VM VirtualBox version 7.1.6. This issue, located in the product's core component, can be exploited by an attacker with logon access to the infrastructure. The impact of successful attacks extends beyond Oracle VM VirtualBox, potentially affecting additional products. Attackers may cause a hang or frequent crashes of Oracle VM VirtualBox, and gain unauthorized access to update, insert, or delete data, as well as read a subset of data. The CVSS Base Score is 6.7, with Confidentiality, Integrity, and Availability impacts. The vulnerability vector is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Oracle VM Virtualbox

Affected Vendors

Oracle

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners