CVE-2019-2525

MEDIUM

Oracle VM VirtualBox <5.2.24-6.0.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-2525. PoCs published by wotmd, Phantomn.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2019-2525 and CVE-2019-2548 in VirtualBox 6.0.0, leveraging memory leaks and heap overflows to achieve remote code execution (RCE) by spawning 'xcalc' on the host system. The exploit includes detailed technical steps and functional Python code.

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).

Exploits (2)

nomisec WORKING POC 11 stars

by wotmd · poc

https://github.com/wotmd/VirtualBox-6.0.0-Exploit-1-day

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-2525 and CVE-2019-2548 in VirtualBox 6.0.0, leveraging memory leaks and heap overflows to achieve remote code execution (RCE) by spawning 'xcalc' on the host system. The exploit includes detailed technical steps and functional Python code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: VirtualBox 6.0.0

No auth needed

Prerequisites: 3D Acceleration enabled in VirtualBox · Guest VM with access to VBoxSharedCrOpenGL

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 2 stars

by Phantomn · poc

https://github.com/Phantomn/VirtualBox_CVE-2019-2525-CVE-2019-2548

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2018-3055 and CVE-2018-3085, targeting VirtualBox versions up to 5.2.14. The exploit leverages heap manipulation and arbitrary read/write primitives to achieve RIP control in the host process, with detailed technical explanations provided in the README.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Oracle VirtualBox (up to 5.2.14)

No auth needed

Prerequisites: VirtualBox with 3D acceleration enabled · Guest additions installed in the guest VM · Linux host and guest

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106568

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html

Scores

CVSS v3 5.6

EPSS 0.1102

EPSS Percentile 93.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (2)

oracle/vm_virtualbox 6.0.0

oracle/vm_virtualbox < 5.2.24

Published Jan 16, 2019

Tracked Since Feb 18, 2026