Critical VM Escape Vulnerabilities Discovered in Oracle VirtualBox for ARM-Based Macs

Security researchers at BI.ZONE have uncovered a dangerous vulnerability chain in Oracle VirtualBox that could allow attackers to break out of virtual machines and compromise host systems running ARM-based macOS.

The two flaws—CVE-2025-62592 and CVE-2025-61760—represent the first publicly known VM escape vulnerability chain since VirtualBox added ARM support for macOS in version 7.1.0 last year. Oracle has since patched both issues in its October 2025 Critical Patch Update.

How the Attack Works

The vulnerability chain operates in two stages, with each flaw enabling the next phase of the attack.

The first vulnerability, CVE-2025-62592 (CVSS score: 6.0), resides in the QemuRamFB virtual graphics adapter's MMIO read handler. An attacker can trigger an integer underflow that allows unlimited memory reads beyond array boundaries. This information disclosure bug leaks sensitive data, including randomized memory addresses used by the operating system's security defenses—critical information needed to bypass Address Space Layout Randomization (ASLR).

The second flaw, CVE-2025-61760 (CVSS score: 7.5), is a stack-based buffer overflow in the virtioCoreR3VirtqInfo function. Armed with information obtained from the first vulnerability, attackers can exploit this overflow to escape the virtual machine's sandbox and execute arbitrary code on the host operating system.
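The bug class behind the first flaw, an unsigned subtraction that wraps inside a bounds check of an MMIO read handler, can be shown next to its hardened form. This is an added illustration, not VirtualBox source code: the register block size, the function names, and the shape of the check are all constructed assumptions, since the article does not publish the affected code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CFG_SIZE 28u /* constructed size of a device's register block */

/* Flawed bounds check: when off > CFG_SIZE, the unsigned subtraction
 * wraps to a value near UINT32_MAX, so any length is accepted. */
static bool range_ok_flawed(uint32_t off, uint32_t len)
{
    return len <= CFG_SIZE - off;
}

/* Hardened check: validate off first so the subtraction cannot wrap. */
static bool range_ok_checked(uint32_t off, uint32_t len)
{
    return off <= CFG_SIZE && len <= CFG_SIZE - off;
}

/* MMIO read handler built on the hardened check. Rejected accesses
 * return all ones and never index outside cfg[0..CFG_SIZE-1]. */
static int mmio_read(const uint8_t *cfg, uint32_t off, uint32_t len,
                     uint64_t *out)
{
    *out = UINT64_MAX;
    if (len == 0 || len > sizeof *out || !range_ok_checked(off, len))
        return -1;
    *out = 0;
    for (uint32_t i = 0; i < len; i++) /* assemble little-endian value */
        *out |= (uint64_t)cfg[off + i] << (8 * i);
    return 0;
}

int main(void)
{
    uint8_t cfg[CFG_SIZE] = {0}; /* constructed register contents */
    uint64_t v;
    cfg[4] = 0x34;
    cfg[5] = 0x12;
    printf("flawed  accepts off=32,len=8: %d\n", range_ok_flawed(32, 8));
    printf("checked accepts off=32,len=8: %d\n", range_ok_checked(32, 8));
    printf("in-range read rc=%d\n", mmio_read(cfg, 4, 2, &v));
    printf("out-of-range read rc=%d\n", mmio_read(cfg, 32, 8, &v));
    return 0;
}
```

Both checks agree on every in-range access; they differ only when the offset exceeds the block size, which is why this kind of defect tends to survive functional testing.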

Scope and Impact

These vulnerabilities only affect VirtualBox installations running on Apple Silicon (ARM-based) Macs, a platform that has grown significantly since Apple's transition from Intel processors.

A successful exploit chain grants attackers extensive control over the host system. They can access the device's microphone and camera, read and modify files across all applications, launch new processes, and potentially compromise other virtual machines running on the same hypervisor.

"When developing an exploit for modern applications, attackers most often need two vulnerabilities: one for ASLR leakage and one for corrupting structures in the process's memory," explained Pavel Blinnikov, Head of the Vulnerability Research Group at BI.ZONE. "The vulnerabilities discovered by our team are self-sufficient for such a chain."

Technical Barriers and Exploitation

Despite their severity, these vulnerabilities aren't trivial to exploit. Modern security mitigations including NX (No-eXecute) protections and stack canaries add complexity to any attack. However, Blinnikov noted that exploitation remains possible by overwriting local variables within the vulnerable function.

The discovery highlights a fundamental challenge in virtualization security: attackers only need to find a single chain of vulnerabilities to break through multiple layers of isolation that virtual machines are designed to provide.

Patch Available

Oracle addressed both vulnerabilities in its Critical Patch Update released on October 21, 2025. VirtualBox users on ARM-based macOS systems should update immediately to protect against potential exploitation.

BI.ZONE responsibly disclosed the vulnerabilities to Oracle before publication, following standard coordinated disclosure practices that give vendors time to develop and release patches before details become public.

The discovery serves as a reminder that even mature virtualization platforms require ongoing security scrutiny, particularly as they expand to new processor architectures like Apple Silicon.