About the Speaker
< Talk Abstract />
This talk will explore how modern-day computer processors are highly complex systems. At their core, they execute a sequence of instructions and store results into memory. Just as the Meltdown and Spectre vulnerabilities have exposed critical flaws in modern-day processors, our newly discovered vulnerability (CVE-2025-21533) in Oracle VM VirtualBox exposes a security risk in affected versions prior to 7.0.24 and 7.1.6. This flaw is located in the core virtualization component, allowing a low-privileged attacker with local access to exploit a speculative store bypass, potentially leading to unauthorized access to sensitive data. Successful exploitation could grant attackers access to critical information processed within VirtualBox environments.
CVE-2025-21533 (aka “Speculative Store Bypass”) opens a new avenue (like branch misprediction) that has been exploited via speculative execution and cache-based side-channel methods to bypass security measures and access privileged memory in Oracle VirtualBox.
This vulnerability was responsibly disclosed to the Oracle security team and is currently being analysed for a fix. This talk emphasizes the importance of securing core virtualization modules and demonstrates how proactive research can uncover and address critical risks in widely used virtualization platforms. Attendees will gain valuable insights into virtualization technology, side-channel effects and the significance of vulnerability research.
< Speaker Bio />
Kandi Abhishek Reddy
I'm Kandi Abhishek Reddy. I work as a Software Engineer, Technical Lead at Nokia, and I am also an independent security researcher. I was an alumnus of Team bi0s, a cybersecurity research community. I enjoy finding security bugs and reporting them ethically. In 2024, I earned a spot on the MSRC Q3 Leaderboard, highlighting the impact in the security space of my vulnerability findings and research. I am always eager to learn and grow in the ever-changing world of technology. I break into exploits accidentally.
Vamsi Krishna
I’m Alla Vamsi Krishna, a Research Assistant at IISc, Bangalore. I focus on cloud security, vulnerability research and AI security.
Sahithi Rajasekaran
I am Sahithi Rajasekaran, working as a Site Reliability Engineer at Visa, Bangalore. I work on building and maintaining Visa’s next-generation global payments processing platform, ensuring that services remain reliable, secure and performant under pressure. I focus on networking and Kubernetes.