Core Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2025-61760

7.5HIGH

Key Information:

Vendor

Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
21 October 2025

What is CVE-2025-61760?

A vulnerability exists in Oracle VM VirtualBox, allowing a low-privileged attacker with access to the environment where it runs to exploit the system. This exploitation requires user interaction from an individual other than the attacker, and though it specifically targets Oracle VM VirtualBox, successful attacks might have broader implications on associated products. The potential outcomes of an attack could include unauthorized control over Oracle VM VirtualBox, thus raising concerns about confidentiality, integrity, and availability.

Affected Version(s)

Oracle VM VirtualBox 7.1.12

Oracle VM VirtualBox 7.2.2

References

https://www.oracle.com/security-alerts/cpuoct2025.html
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-61760 : Core Vulnerability in Oracle VM VirtualBox by Oracle