Oracle has released a security update to address a critical vulnerability in Oracle VM VirtualBox. Oracle VM VirtualBox is cross-platform virtualisation software.
CVE-2025-30712 is an ‘improper access control’ vulnerability with a CVSSv3 score of 8.1 that affects the Oracle Virtualisation component of VirtualBox. Successful exploitation could allow an attacker with administrative privileges to gain linear memory access, leading to arbitrary read/write access in the host memory, enabling virtual machine escape. The attacker could gain unauthorised access to all Oracle VM VirtualBox accessible data or critical data and that could lead to a partial denial-of-service (DoS) attack.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- NFC fraud threatens Philippines digital payments security
July 8, 2025
As contactless payments and digital wallets grow quickly in the Philippines, cyber-criminals are now targeting the country by abusing Near Field Communication (NFC) technologies. Resecurity, a global leader in cyber threat intelligence, issued a stark warning, urging Philippine regulators and financial institutions to heighten their defenses amid an alarming increase in NFC-enabled fraud, particularly from ...
- Several major Linux distros hit by serious Sudo security flaws
July 7, 2025
Two vulnerabilities were recently spotted in various Linux distributions which, when chained together, allow local attackers to escalate their privileges and thus run arbitrary files. The vulnerabilities are tracked as CVE-2025-32462 (severity score 2.8/10 – low severity), and CVE-2025-32463 (severity score 9.3/10 critical), and were found in the Sudo command-line utility for Linux and other Unix-like ...
- Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
July 3, 2025
In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2. The same month, Apache revealed two additional vulnerabilities in ...
- Google Releases Security Updates for Chrome
July 1, 2025
Google has released updates to Chrome stable channels to address a high severity vulnerability. CVE-2025-6554 is a “type confusion” vulnerability in the V8 JavaScript browser engine. An attacker could exploit this vulnerability to perform arbitrary read/write by convincing a user to visit a malicious HTML page. Google is aware that an exploit for CVE-2025-6554 exists in ...
- Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)
June 30, 2025
During security testing, Rapid7 discovered that Konica Minolta bizhub 227 Multifunction printers (MFPs) were vulnerable to a pass-back attack. The affected products identified were: Konica Minolta bizhub MFPs Firmware Version: GCQ-Y3 and earlier This issue has been assigned the following CVEs: CVE-2025-6081: LDAP pass-back vulnerability The Konica Minolta bizhub Multifunction printer (MFP) is an all-in-one enterprise printer designed ...
- Bluetooth security flaw could let hackers spy on your device via microphone
June 30, 2025
Security researchers have uncovered three vulnerabilities in a Bluetooth chipset present in dozens of devices from multiple manufacturers. The vulnerabilities, they say, can be exploited to eavesdrop on people’s conversations, steal call history and contacts information, and possibly even deploy malware on vulnerable devices. However, exploiting the flaws for these purposes is quite difficult, so practical ...

