CVE-2025-62589: 
VirtualBox vulnerability analysis and mitigation

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. This is an easily exploitable vulnerability that allows high privileged attackers with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise the system. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. The vulnerability has been assigned a CVSS 3.1 Base Score of 8.2 (Confidentiality, Integrity and Availability impacts) with the vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) (Oracle CPU).

The vulnerability exists in the Core component of Oracle VM VirtualBox. It requires a high-privileged attacker with logon access to the infrastructure. The attack complexity is considered low, requiring no user interaction for exploitation. The scope is changed, meaning the vulnerability can impact components beyond the vulnerable component. The vulnerability affects both confidentiality, integrity, and availability with high impact levels, as indicated by the CVSS vector AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (Oracle CPU).

Successful exploitation of this vulnerability can result in complete takeover of Oracle VM VirtualBox. Due to the scope change characteristic, the impact may extend beyond the VirtualBox environment to affect additional products. The high impact ratings for confidentiality, integrity, and availability indicate that attackers could potentially gain complete access to system information, modify system data, and cause system unavailability (Oracle CPU).

Oracle has released patches for the affected versions (7.1.12 and 7.2.2) as part of the October 2025 Critical Patch Update. Users are strongly advised to apply these security patches without delay to address the vulnerability (Oracle CPU).