Core Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2025-62641

8.2 HIGH

Key Information:

Vendor

Oracle

CVE Published:
21 October 2025

What is CVE-2025-62641?

CVE-2025-62641 is a vulnerability in Oracle VM VirtualBox, a popular virtualization software developed by Oracle. The platform is widely used for running multiple operating systems on a single physical machine, providing users with the flexibility and efficiency necessary for development, testing, and deployment. The vulnerability has a CVSS score of 8.2, which places it in the high-risk category: it is easily exploitable by an attacker who already has access to the environment where Oracle VM VirtualBox operates.

The core issue allows a high-privileged attacker to exploit the vulnerability if they possess logon credentials to the infrastructure hosting Oracle VM VirtualBox. If successfully exploited, the vulnerability can lead to a complete takeover of Oracle VM VirtualBox, compromising not only the integrity and confidentiality of the data and applications running in these environments but also affecting the surrounding systems and services that rely on VirtualBox for virtualization.

Potential impact of CVE-2025-62641

  1. System Compromise: Successful exploitation of CVE-2025-62641 could allow attackers to gain unauthorized control over the Oracle VM VirtualBox environment. This could enable them to manipulate virtual machines and potentially reach sensitive data or critical applications.

  2. Data Integrity and Confidentiality Risks: With the potential takeover of Oracle VM VirtualBox, attackers could manipulate or exfiltrate sensitive data from virtual machines, leading to severe breaches of data integrity and confidentiality that could impact organizations’ operations and their compliance with data protection regulations.

  3. Wider Scope of Attack: Although the vulnerability resides within Oracle VM VirtualBox, its successful exploitation may create a pathway for attackers to impact additional interconnected systems and services. This scope change can escalate risks beyond the immediate virtualization environment, leading to possible lateral movement within an organization’s IT infrastructure.

Affected Version(s)

Oracle VM VirtualBox 7.1.12

Oracle VM VirtualBox 7.2.2

News Articles

Virtualbox 7.1.12 and 7.2.2: Vulnerability CVE-2025-62641 | Born's Tech and Windows World

It has just been announced that Virtualbox 7.1.12 and 7.2.2 contain the CVE-2025-62641 vulnerability. This could allow attackers to take over the host. There are also other vulnerabilities in these...

3 days ago

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • First article discovered by BornCity

  • Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved
