Proof-of-Concept Released Oracle VM VirtualBox


Oracle has released a security update to address a critical vulnerability in Oracle VM VirtualBox. Oracle VM VirtualBox is cross-platform virtualisation software.

CVE-2025-30712 is an ‘improper access control’ vulnerability with a CVSSv3 score of 8.1 that affects the Oracle Virtualisation component of VirtualBox. Successful exploitation could allow an attacker with administrative privileges to gain linear memory access, leading to arbitrary read/write access in the host memory, enabling virtual machine escape. The attacker could gain unauthorised access to all Oracle VM VirtualBox accessible data or critical data and that could lead to a partial denial-of-service (DoS) attack.

Read more…
Source: NHS Digital


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • New zero-day startup offers $20 million for tools that can hack any smartphone

    August 20, 2025

    A new United Arab Emirates-based startup is offering up to $20 million for hacking tools that could help governments break into any smartphone with a text message. Advanced Security Solutions launched this month and is now offering some of the highest prices, at least public ones, in the whole zero-day market. Zero-days are flaws in software ...

  • A clever new Linux malware is breaking into systems and then shutting the door behind it to avoid detection

    August 19, 2025

    A hacker was recently spotted patching someone’s vulnerable cloud Linux instance – but they did not do it out of the goodness of their heart. Security researchers Red Canary observed a threat actor abusing a maximum severity flaw, tracked as CVE-2023-46604, to break into a cloud Linux system. The vulnerability is found in Apache ActiveMQ, and ...

  • Deep dive into CVE‑2025‑29824 in Windows

    August 19, 2025

    On April 8, 2025, Microsoft patched 121 vulnerabilities across its products, including CVE-2025-29824—the only one known to be exploited in the wild. This particular flaw enabled adversaries to escalate Windows privileges by leveraging a bug in the clfs.sys driver. Microsoft Threat Intelligence discovered the issue during the Storm-2460 attacks targeting organizations in Saudi Arabia, Spain, Venezuela, ...

  • Cisco warns of worrying major security flaw in firewall command center – patch now

    August 18, 2025

    Cisco recently fixed a maximum-severity vulnerability in its Secure Firewall Management Center (FMC) product, and urged users to apply either the patch, or the mitigation, as soon as possible. FMC is a centralized platform for configuring, monitoring, and analyzing Cisco Secure Firewalls, where users can manage policies, track threat intelligence, and monitor their deployments across endpoints. ...

  • Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824

    August 18, 2025

    In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which Kaspersky researchers first discovered in December 2022 in a RansomExx ransomware campaign. ...

  • Fortinet Releases Security Advisory for Authentication Bypass Vulnerability

    August 12, 2025

    An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy & FortiPAM may allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number. Read more… Source: Fortinet Sign up for the Cyber ...