PT-2025-43005 · Oracle+1 · Virtualbox+1

Published

2025-10-21

Updated

2026-01-27

CVE-2025-62641

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions 7.1.12 and 7.2.2

Description An easily exploitable flaw exists in the Core component of Oracle VM VirtualBox. A high-privileged attacker with access to the system where Oracle VM VirtualBox is running can compromise the software. Successful exploitation may lead to a complete takeover of Oracle VM VirtualBox and potentially impact other products.

Recommendations Versions prior to 7.1.12 and 7.2.2 are affected. Update Oracle VM VirtualBox to a version later than 7.2.2.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-267

Related Identifiers

BDU:2025-13299

CVE-2025-62641

ZDI-25-961

Affected Products

Virtualbox

Red Os

PT-2025-43005 · Oracle+1 · Virtualbox+1

CVE-2025-62641

Weakness Enumeration

Related Identifiers

Affected Products

References · 23