Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-21571

Опубликовано: 21 янв. 2025
Источник: nvd
CVSS3: 7.3
EPSS Низкий

Описание

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.0.24 (исключая)
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Версия от 7.1.0 (включая) до 7.1.6 (исключая)

EPSS

Процентиль: 2%
0.00014
Низкий

7.3 High

CVSS3

Дефекты

CWE-732

Связанные уязвимости

ubuntu логотип

CVE-2025-21571

CVSS3: 7.3
ubuntu
5 месяцев назад

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L).

debian логотип

CVE-2025-21571

CVSS3: 7.3
debian
5 месяцев назад

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...

github логотип

GHSA-hff9-h4r4-2q74

CVSS3: 7.3
github
5 месяцев назад

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L).

fstec логотип

BDU:2025-03464

CVSS3: 7.3
fstec
5 месяцев назад

Уязвимость компонента Core среды виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и вызвать отказ в обслуживании

redos логотип

ROS-20250219-05

CVSS3: 7.3
redos
4 месяца назад

Множественные уязвимости VirtualBox

EPSS

Процентиль: 2%
0.00014
Низкий

7.3 High

CVSS3

Дефекты

CWE-732