CVE-2025-62590

📊 8.2 HIGH⚡ 0.0%🎯 0 exploits

📅 Published Oct 21, 2025

📋 Status: Analyzed

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

2 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	oracle	vm virtualbox	7.1.12	Vulnerable	cpe:2.3:a:oracle:vm_virtualbox:7.1.12:::::::*
📱App	oracle	vm virtualbox	7.2.2	Vulnerable	cpe:2.3:a:oracle:vm_virtualbox:7.2.2:::::::*

📱

oracle / vm virtualbox

Application

Vulnerable

Version: 7.1.12

CPE:

cpe:2.3:a:oracle:vm_virtualbox:7.1.12:*:*:*:*:*:*:*

📱

oracle / vm virtualbox

Application

Vulnerable

Version: 7.2.2

CPE:

cpe:2.3:a:oracle:vm_virtualbox:7.2.2:*:*:*:*:*:*:*

Metrics

8.2 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

HIGH

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

CHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

8.2 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)8.2th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Oct 21, 2025 (10 days ago)

Last Modified

Oct 23, 2025 (9 days ago)

Security Weaknesses1

CWE-267

References2

NVDgeneral