CVE Alert: CVE-2025-61760 – Oracle Corporation – Oracle VM VirtualBox

CVE-2025-61760

Severity: HIGH · No exploitation known

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).

CVSS v3.1 (7.5)
AV LOCAL · AC HIGH · PR LOW · UI REQUIRED · S CHANGED

Vendor: Oracle Corporation
Product: Oracle VM VirtualBox
Versions: 7.1.12 | 7.2.2
CWE: not provided
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Published: 2025-10-21T20:03:12.383Z
Updated: 2025-10-21T20:03:12.383Z

AI Summary Analysis

Risk verdict

Why this matters

Most likely attack path

Who is most exposed

Detection ideas

  • Unusual VirtualBox (Core component) activity or crashes in host logs.
  • Post-authentication or post-interaction spikes in privileged process activity tied to VirtualBox.
  • Anomalous changes to VirtualBox binaries or services.
  • System alerting on failed or blocked VM start attempts that follow user actions.
  • Vendor advisory updates or exploit indicators for this CVE surfacing in security tooling.

Mitigation and prioritisation

  • Patch to the vendor-released fixed versions and verify in a staging environment before broad rollout.
  • Enforce least-privilege execution and restrict admin rights on hosts with VirtualBox installed.
  • Segment hosts running VirtualBox from sensitive networks; apply application allowlists.
  • Monitor for abnormal VM lifecycle events and integrity changes to VirtualBox components.
  • Schedule the update through change management and coordinate with security and IT teams. If the CVE is listed in CISA KEV or its EPSS score is ≥ 0.5 (neither is provided here), treat it as priority 1.
