PT-2025-43004 · Oracle · VirtualBox

Published: 2025-10-21 · Updated: 2025-12-16 · CVE-2025-62592

CVSS v3.1: 6.0 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oracle VM VirtualBox versions 7.1.12 and 7.2.2

Description
An integer overflow exists in the qemuFwCfgMmioRead function in the Box/Devices/PC/DevQemuFwCfg.cpp component of Oracle VM VirtualBox. Exploitation may allow an attacker to gain unauthorized access to protected information. The vulnerability is easily exploitable and requires high privileges to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized access to critical data or complete access to all data accessible to Oracle VM VirtualBox. The issue was identified during analysis of the QemuRamFB component; it allows reading an unbounded amount of memory outside the array bounds.

Recommendations
Versions prior to 7.1.12 and 7.2.2 are affected. Update to a newer version to address the vulnerability.
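The bug class described above, an offset-plus-length bounds check in a guest-reachable MMIO read handler that wraps in 32-bit arithmetic, shown as a constructed example beside its hardened form. This is added illustration, not VirtualBox's code; the item buffer, function names and sizes are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed fw_cfg-like item that a guest reads through an MMIO window
 * by supplying (offset, length). Not VirtualBox's code or data. */
#define ITEM_SIZE 16u
static const uint8_t g_item[ITEM_SIZE] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

/* Decision logic only, so the buggy variant can be exercised safely.
 * Bug class: off + len is computed in 32-bit unsigned arithmetic before the
 * compare, so a guest-chosen len that wraps the sum below ITEM_SIZE passes. */
bool accept_read_wrapping(uint32_t off, uint32_t len)
{
    return (off + len) <= ITEM_SIZE;   /* off=8, len=0xFFFFFFF8 wraps to 0 */
}

/* Hardened check: never form off + len; validate the offset first and then
 * compare len against the space that actually remains after it. */
bool accept_read_hardened(uint32_t off, uint32_t len)
{
    if (off >= ITEM_SIZE)
        return false;
    return len <= ITEM_SIZE - off;     /* cannot wrap: ITEM_SIZE - off > 0 */
}

/* Guest read handler using the hardened check. Returns bytes copied, or 0
 * if the request was rejected; dst must hold at least dst_cap bytes. */
size_t fwcfg_mmio_read(uint32_t off, uint32_t len, uint8_t *dst, size_t dst_cap)
{
    if (!accept_read_hardened(off, len) || len > dst_cap)
        return 0;
    memcpy(dst, g_item + off, len);
    return len;
}

/* Convenience for checking results: sum of the bytes a read returns,
 * or -1 when the handler rejects the request. */
int read_checksum(uint32_t off, uint32_t len)
{
    uint8_t buf[ITEM_SIZE];
    size_t n = fwcfg_mmio_read(off, len, buf, sizeof buf);
    if (n == 0)
        return -1;
    int sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += buf[i];
    return sum;
}
```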

Fix

Weakness Enumeration

Out of bounds Read
Integer Underflow
Integer Overflow
Improper Privilege Management

Related Identifiers

BDU:2025-13214
CVE-2025-62592

Affected Products

Virtualbox
Red Os