Proof-of-Concept Released Oracle VM VirtualBox


Oracle has released a security update to address a critical vulnerability in Oracle VM VirtualBox. Oracle VM VirtualBox is cross-platform virtualisation software.

CVE-2025-30712 is an ‘improper access control’ vulnerability with a CVSSv3 score of 8.1 that affects the Oracle Virtualisation component of VirtualBox. Successful exploitation could allow an attacker with administrative privileges to gain linear memory access, leading to arbitrary read/write access in the host memory, enabling virtual machine escape. The attacker could gain unauthorised access to all Oracle VM VirtualBox accessible data or critical data and that could lead to a partial denial-of-service (DoS) attack.

Read more…
Source: NHS Digital


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Google Releases Security Updates for Chrome

    June 3, 2025

    Google has released version 137.0.7151.68/.69 for Chrome for Windows and Mac and 137.0.7151.68 for Chrome for Linux which will roll out over the coming days/weeks. The updates address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-5419 has a CVSSv3 score of 8.8 and is an “out of bounds read and write” vulnerability in V8 ...

  • Key Linux systems may have security flaws which allow password theft

    June 2, 2025

    Cybersecurity researchers from Qualys have discovered two information disclosure vulnerabilities plaguing different Linux distros. The flaws, both of which are race condition bugs, allow threat actors to gain access to sensitive information. The first one is found in Ubuntu’s core dump-handler, Apport, and is tracked as CVE-2025-5054. The second one is found in the default core-dump ...

  • Vanta bug exposed customers’ data to other customers

    June 2, 2025

    Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and compliance processes, said it ...

  • Exploits and vulnerabilities in Q1 2025

    May 30, 2025

    The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report examines the characteristics of vulnerabilities in the Linux operating system and Microsoft software, specifically the Windows ...

  • Santesoft Releases Security Update for Sante DICOM Viewer Pro

    May 30, 2025

    The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability in Santesoft Sante DICOM Viewer Pro. Sante DICOM Viewer Pro is an application for viewing, processing, and editing DICOM-format medical images. CVE-2025-5307 has a CVSSv4 score of 8.4 and is an ‘out-of-bounds read’ vulnerability, which means ...

  • A third of UK fintechs put customers data at risk of cyber attack

    May 29, 2025

    UK fintechs are putting thousands of customers in jeopardy by leaving themselves vulnerable to a cyber attack, shocking new research reveals. Nearly 800 firms’ digital presence was analysed by the ethical hacking platform Ethiack as it scrutinised their cybersecurity. Four in ten fintechs were found to be giving hackers a “powerful headstart” by revealing software details ...