[German]It has just been announced that Virtualbox 7.1.12 and 7.2.2 contain the CVE-2025-62641 vulnerability. This could allow attackers to take over the host. There are also other vulnerabilities in these versions. Virtualbox 7.1.14 and 7.2.4 provide a remedy.
On August 14, 2025, Oracle's developers released Virtualbox version 7.2 (see VirtualBox 7.2 released). A few days ago, I came across the following tweet stating that Virtualbox 7.1.12 and 7.2.2 contain the vulnerability CVE-2025-62641
Vulnerability CVE-2025-62641 exists in the core of Oracle VirtualBox versions 7.1.12 and 7.2.2. This easily exploitable vulnerability allows an attacker with high privileges logged into the infrastructure running Oracle VM VirtualBox to compromise Oracle VM VirtualBox.
Although the vulnerability exists in Oracle VM VirtualBox, attacks could have a significant impact on other products (change in scope). Successful attacks on this vulnerability could lead to the takeover of Oracle VM VirtualBox.
Oracle published this security advisory on October 23, 2025, with a list of additional vulnerabilities. Users of Virtualbox 7.2.x can update to 7.2.4 (VirtualBox 7.2.4 released). Users of Virtualbox 7.1.12 should upgrade to version 7.1.14.
