PT-2025-42981 · Oracle+1 · Virtualbox+1
Published: 2025-10-21 · Updated: 2026-01-12
CVE-2025-61760
CVSS v3.1: 7.5 (High)
Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Oracle VM VirtualBox versions 7.1.12 and 7.2.2
Description
A difficult-to-exploit issue exists in the Core component of the Oracle VM VirtualBox product. A low-privileged attacker with access to the system where Oracle VM VirtualBox is running can compromise the software. Exploitation requires interaction from another person, and a successful attack may impact other products. Successful exploitation can lead to a takeover of Oracle VM VirtualBox. The issue involves a stack buffer overflow in the virtioCoreR3VirtqInfo function of the VBoxManage debugvm command.
Recommendations
Update Oracle VM VirtualBox to a version that addresses this issue.
Fix
Improper Access Control
Stack Overflow
RCE
Related Identifiers
Affected Products
Virtualbox
Red Os