Source: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for virtualbox.

CVE-2025-21533[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are
| affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable
| vulnerability allows low privileged attacker with logon to the
| infrastructure where Oracle VM VirtualBox executes to compromise
| Oracle VM VirtualBox. Successful attacks of this vulnerability can
| result in unauthorized access to critical data or complete access
| to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.5
| (Confidentiality impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVE-2025-21571[1]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are
| affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable
| vulnerability allows high privileged attacker with logon to the
| infrastructure where Oracle VM VirtualBox executes to compromise
| Oracle VM VirtualBox. While the vulnerability is in Oracle VM
| VirtualBox, attacks may significantly impact additional products
| (scope change). Successful attacks of this vulnerability can result
| in unauthorized creation, deletion or modification access to
| critical data or all Oracle VM VirtualBox accessible data as well as
| unauthorized read access to a subset of Oracle VM VirtualBox
| accessible data and unauthorized ability to cause a partial denial
| of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base
| Score 7.3 (Confidentiality, Integrity and Availability impacts).
| CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-21533
    https://www.cve.org/CVERecord?id=CVE-2025-21533
[1] https://security-tracker.debian.org/tracker/CVE-2025-21571
    https://www.cve.org/CVERecord?id=CVE-2025-21571

Please adjust the affected versions in the BTS as needed.