Package: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for virtualbox.

CVE-2025-53024[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version that is
| affected is 7.1.10. Easily exploitable vulnerability allows high
| privileged attacker with logon to the infrastructure where Oracle VM
| VirtualBox executes to compromise Oracle VM VirtualBox. While the
| vulnerability is in Oracle VM VirtualBox, attacks may significantly
| impact additional products (scope change). Successful attacks of
| this vulnerability can result in takeover of Oracle VM VirtualBox.
| CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVE-2025-53025[1]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version that is
| affected is 7.1.10. Easily exploitable vulnerability allows high
| privileged attacker with logon to the infrastructure where Oracle VM
| VirtualBox executes to compromise Oracle VM VirtualBox. While the
| vulnerability is in Oracle VM VirtualBox, attacks may significantly
| impact additional products (scope change). Successful attacks of
| this vulnerability can result in unauthorized access to critical
| data or complete access to all Oracle VM VirtualBox accessible data.
| CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2025-53026[2]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version that is
| affected is 7.1.10. Easily exploitable vulnerability allows high
| privileged attacker with logon to the infrastructure where Oracle VM
| VirtualBox executes to compromise Oracle VM VirtualBox. While the
| vulnerability is in Oracle VM VirtualBox, attacks may significantly
| impact additional products (scope change). Successful attacks of
| this vulnerability can result in unauthorized access to critical
| data or complete access to all Oracle VM VirtualBox accessible data.
| CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2025-53027[3]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version that is
| affected is 7.1.10. Easily exploitable vulnerability allows high
| privileged attacker with logon to the infrastructure where Oracle VM
| VirtualBox executes to compromise Oracle VM VirtualBox. While the
| vulnerability is in Oracle VM VirtualBox, attacks may significantly
| impact additional products (scope change). Successful attacks of
| this vulnerability can result in takeover of Oracle VM VirtualBox.
| CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVE-2025-53028[4]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version that is
| affected is 7.1.10. Easily exploitable vulnerability allows high
| privileged attacker with logon to the infrastructure where Oracle VM
| VirtualBox executes to compromise Oracle VM VirtualBox. While the
| vulnerability is in Oracle VM VirtualBox, attacks may significantly
| impact additional products (scope change). Successful attacks of
| this vulnerability can result in takeover of Oracle VM VirtualBox.
| CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVE-2025-53029[5]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version that is
| affected is 7.1.10. Easily exploitable vulnerability allows high
| privileged attacker with logon to the infrastructure where Oracle VM
| VirtualBox executes to compromise Oracle VM VirtualBox. Successful
| attacks of this vulnerability can result in unauthorized read
| access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1
| Base Score 2.3 (Confidentiality impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVE-2025-53030[6]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). The supported version that is
| affected is 7.1.10. Easily exploitable vulnerability allows high
| privileged attacker with logon to the infrastructure where Oracle VM
| VirtualBox executes to compromise Oracle VM VirtualBox. While the
| vulnerability is in Oracle VM VirtualBox, attacks may significantly
| impact additional products (scope change). Successful attacks of
| this vulnerability can result in unauthorized access to critical
| data or complete access to all Oracle VM VirtualBox accessible data.
| CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-53024
    https://www.cve.org/CVERecord?id=CVE-2025-53024
[1] https://security-tracker.debian.org/tracker/CVE-2025-53025
    https://www.cve.org/CVERecord?id=CVE-2025-53025
[2] https://security-tracker.debian.org/tracker/CVE-2025-53026
    https://www.cve.org/CVERecord?id=CVE-2025-53026
[3] https://security-tracker.debian.org/tracker/CVE-2025-53027
    https://www.cve.org/CVERecord?id=CVE-2025-53027
[4] https://security-tracker.debian.org/tracker/CVE-2025-53028
    https://www.cve.org/CVERecord?id=CVE-2025-53028
[5] https://security-tracker.debian.org/tracker/CVE-2025-53029
    https://www.cve.org/CVERecord?id=CVE-2025-53029
[6] https://security-tracker.debian.org/tracker/CVE-2025-53030
    https://www.cve.org/CVERecord?id=CVE-2025-53030

Please adjust the affected versions in the BTS as needed.