CVE-2025-53029
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-16
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | vm_virtualbox | 7.1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle VM VirtualBox version 7.1.10, specifically in its core component. It allows a highly privileged attacker who already has logon access to the infrastructure running Oracle VM VirtualBox to exploit the system. The attacker can then compromise Oracle VM VirtualBox and gain unauthorized read access to some of the data accessible by Oracle VM VirtualBox.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of some data within Oracle VM VirtualBox. Although the impact is limited to confidentiality and the base CVSS score is low (2.3), it means sensitive information could be read by an attacker with high privileges, potentially leading to information leakage.