CVE-2025-21571: 
VirtualBox vulnerability analysis and mitigation

A vulnerability has been identified in Oracle VM VirtualBox (CVE-2025-21571) affecting versions prior to 7.0.24 and prior to 7.1.6. This vulnerability is present in the Core component of Oracle Virtualization. The vulnerability was disclosed on January 21, 2025, and has been assigned a CVSS 3.1 Base Score of 7.3 (Oracle CPU, NVD).

The vulnerability is easily exploitable and requires a high-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox executes. The vulnerability has been assigned the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L, indicating local access, low attack complexity, high privileges required, no user interaction, and a changed scope (NVD).

Successful exploitation of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data, unauthorized read access to a subset of Oracle VM VirtualBox accessible data, and unauthorized ability to cause a partial denial of service. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products due to scope change (Oracle CPU).

Oracle has released patches for this vulnerability in VirtualBox versions 7.0.24 and 7.1.6. Users are strongly advised to update to these or later versions to mitigate the vulnerability (Oracle CPU).