CVE-2025-61759
📊 6.5 MEDIUM⚡ 0.0%🎯 0 exploits
📅 Published Oct 21, 2025
📋 Status: Analyzed
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
2 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | oracle | vm virtualbox | 7.1.12 | Vulnerable | cpe:2.3:a:oracle:vm_virtualbox:7.1.12:*:*:*:*:*:*:* |
📱App | oracle | vm virtualbox | 7.2.2 | Vulnerable | cpe:2.3:a:oracle:vm_virtualbox:7.2.2:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: 7.1.12
CPE:
cpe:2.3:a:oracle:vm_virtualbox:7.1.12:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: 7.2.2
CPE:
cpe:2.3:a:oracle:vm_virtualbox:7.2.2:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector:
LOCAL
Complexity:
LOW
Privileges:
LOW
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Scope:
CHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
6.5 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.0% (Minimal)4.2th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Oct 21, 2025 (11 days ago)
Last Modified
Oct 23, 2025 (9 days ago)
Security Weaknesses1
CWE-269
References2
NVDgeneral