BI.ZONE researchers discovered two vulnerabilities (CVE-2025-62592 and CVE-2025-61760) in Oracle VirtualBox. In combination, these issues allowed an escape from a VirtualBox virtual machine to the ARM-based macOS host system.
This is noted to be the first publicly known vulnerability chain of this kind since the release of VirtualBox version 7.1.0 in 2024, which introduced ARM support on macOS.
CVE-2025-62592 (CVSS score 6.0) was discovered in the QemuRamFB virtual graphics adapter, in the qemuFwCfgMmioRead MMIO read handler. It allows an attacker to trigger an integer underflow and read an unlimited amount of memory beyond the bounds of an array. As a result, an attacker can access sensitive data, including the randomized base addresses of programs and libraries. The vulnerability affects only ARM-based VirtualBox for macOS.
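The bug class named above, an unsigned length computation that wraps when a guest-influenced offset exceeds the buffer size, is shown here as an added illustration; it is not VirtualBox code and not a reconstruction of CVE-2025-62592. The `fw_item_t` structure and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical device state (NOT VirtualBox code): a data item the guest
 * reads through an MMIO data register, with a guest-influenced cursor. */
typedef struct {
    uint8_t  item[16];   /* constructed sample data */
    uint32_t item_size;  /* number of valid bytes in item[] */
    uint32_t offset;     /* read cursor, advanced by guest reads */
} fw_item_t;

/* Flawed pattern: unsigned subtraction wraps when offset > item_size,
 * so "remaining" becomes close to UINT32_MAX instead of 0 and any
 * later "cb <= remaining" bounds test passes for every cb. */
static uint32_t remaining_unchecked(const fw_item_t *s)
{
    return s->item_size - s->offset;
}

/* Hardened pattern: compare first, subtract only when it cannot wrap. */
static uint32_t remaining_checked(const fw_item_t *s)
{
    return s->offset >= s->item_size ? 0 : s->item_size - s->offset;
}

/* Read handler built on the checked length. Bytes past the end of the
 * item read as zero and the cursor never moves beyond item_size. */
static uint64_t mmio_read_checked(fw_item_t *s, unsigned cb)
{
    uint64_t val = 0;
    uint32_t avail = remaining_checked(s);

    if (cb > sizeof(val))
        cb = sizeof(val);            /* widest access is 8 bytes */
    uint32_t n = cb < avail ? cb : avail;

    /* Assemble little-endian, byte by byte, only from valid indices. */
    for (uint32_t i = 0; i < n; i++)
        val |= (uint64_t)s->item[s->offset + i] << (8 * i);

    s->offset += n;
    return val;
}
```
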
CVE-2025-61760 (CVSS score 7.5) is located in the virtioCoreR3VirtqInfo function and is a stack-based buffer overflow. An attacker can exploit this bug using information obtained from exploiting CVE-2025-62592. The attacker can then escape from a virtual machine to the host OS and execute arbitrary code, taking control of the hypervisor and other virtual machines.
As a result, an attacker can gain access to the device’s microphone and camera, and read and modify any files, including files belonging to other applications. They can also launch new processes, effectively obtaining almost full control over the host OS.
“When developing an exploit for modern applications, attackers most often need two vulnerabilities: one to leak ASLR and one to corrupt structures in the process’s memory. The vulnerabilities our team discovered are self-sufficient for such a chain. Their exploitation is somewhat impeded by defensive mitigations such as NX (No-eXecute) and the stack canary, but it is possible by overwriting other local variables of the virtioCoreR3VirtqInfo function,” comments Pavel Blinnikov, head of the vulnerability research group.
The vulnerability information was provided to the vendor, and on October 21, 2025, Oracle released a Critical Patch Update that addresses both issues.