PT-2025-4255 · Oracle+2 · Virtualbox+2
Kandi Abhishek Reddy
·
Published
2025-01-21
·
Updated
2025-10-10
·
CVE-2025-21533
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle VM VirtualBox versions prior to 7.0.24
Oracle VM VirtualBox versions prior to 7.1.6
Description
The issue is related to insufficient authorization mechanisms in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker to gain privileged access to the infrastructure where Oracle VM VirtualBox is executed. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.
Recommendations
For Oracle VM VirtualBox versions prior to 7.0.24, update to version 7.0.24 or later.
For Oracle VM VirtualBox versions prior to 7.1.6, update to version 7.1.6 or later.
As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox until a patch is available.
Fix
LPE
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Virtualbox
Red Os