Core Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2025-61760

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-61760?

A vulnerability exists in Oracle VM VirtualBox, allowing a low-privileged attacker with access to the environment where it runs to exploit the system. This exploitation requires user interaction from an individual other than the attacker, and though it specifically targets Oracle VM VirtualBox, successful attacks might have broader implications on associated products. The potential outcomes of an attack could include unauthorized control over Oracle VM VirtualBox, thus raising concerns about confidentiality, integrity, and availability.

Affected Version(s)

Oracle VM VirtualBox 7.1.12

Oracle VM VirtualBox 7.2.2

References

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 30, 2025

JSON