CVE-2020-2725
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A low-privileged attacker can cause a denial of service in Oracle VM VirtualBox by exploiting a core vulnerability in versions prior to 5.2.36, 6.0.16, and 6.1.2.
Vulnerability
The vulnerability resides in the Core component of Oracle VM VirtualBox. Affected versions are prior to 5.2.36, prior to 6.0.16, and prior to 6.1.2 [1]. The vulnerability is easily exploitable and requires low privileges.
Exploitation
An attacker with low privileges and logon access to the infrastructure where VirtualBox runs can exploit this vulnerability. No user interaction is required beyond the attacker's own logon. The attack vector is local.
Impact
Successful exploitation results in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of VirtualBox. The CVSS 3.0 base score is 6.5, with a changed scope, indicating potential impact on additional products.
Mitigation
Oracle has released fixed versions: 5.2.36, 6.0.16, and 6.1.2 [1]. Gentoo advisories recommend upgrading to these versions or later [1][2]. No workaround is known [1]. Users should update their VirtualBox installations.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: prior to 5.2.36, prior to 6.0.16, prior to 6.1.2
- Range: unspecified
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/202004-02 (mitre, vendor-advisory, x_refsource_GENTOO)
- security.gentoo.org/glsa/202101-09 (mitre, vendor-advisory, x_refsource_GENTOO)
- www.oracle.com/security-alerts/cpujan2020.html (mitre, x_refsource_MISC)