Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment.
These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2, enabling high-privileged local attackers to compromise confidentiality, integrity, and availability with devastating consequences.
The disclosure highlights the ongoing risks in virtualization platforms, where even local access can lead to broader system impacts due to scope changes.
Experts warn that these vulnerabilities could facilitate full takeover scenarios, making immediate patching essential for users relying on VirtualBox for development, testing, and secure isolation.
cybersecuritynews.com
