Impact
vm2 is a widely used Node.js sandbox library for running untrusted JavaScript inside a virtual-machine context. A flaw in its handling of Promises in versions prior to 3.10.5 lets an attacker who supplies code to the sandbox cross the sandbox boundary. The advisory classifies the weakness as improper control of code generation (CWE-94) and protection mechanism failure (CWE-693). A successful escape gives the attacker code execution in the host Node.js process, from which arbitrary host-level commands can be run, so a single untrusted script can compromise the whole system. Only deployments that instantiate vm2 and feed it code derived from untrusted input are exposed, but for those deployments the consequence is catastrophic: confidentiality, integrity, and availability are all lost to execution of host-level code, reachable remotely wherever the sandboxed code originates from network input.
Affected Systems
The affected product is patriksimek's vm2 library, versions earlier than 3.10.5. Any Node.js application that relies on vm2 for sandboxing, such as web servers, code-execution services, or build tools, should be upgraded to version 3.10.5 or later. Check transitive dependencies as well, since vm2 is often installed indirectly through another package rather than declared directly. The advisory points to the release notes for v3.10.5 as the fix.
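One practical way to confirm whether a Node.js deployment is exposed is to audit its lockfile for every installed copy of vm2, including nested copies pulled in transitively, and compare each against the fixed release. The following script is an added example for this page, not code from the advisory or from the vm2 project. It assumes an npm package-lock.json (the constructed sample below uses the lockfileVersion 3 layout, and the v1 "dependencies" tree is also handled); the only value taken from the advisory is the fixed version, 3.10.5.

```javascript
// Added example (not from the advisory or the vm2 project): scan an npm
// lockfile for every installed copy of vm2 and flag versions below the
// fixed release. FIXED_VERSION comes from the advisory text; everything
// else here is assumed or constructed for illustration.
const FIXED_VERSION = "3.10.5";

// Constructed sample package-lock.json (lockfileVersion 3 layout) with one
// vulnerable top-level copy of vm2 and one nested, already patched copy.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0", dependencies: { vm2: "^3.9.0" } },
    "node_modules/vm2": { version: "3.9.19" },
    "node_modules/some-tool/node_modules/vm2": { version: "3.10.5" },
    "node_modules/acorn": { version: "8.11.3" },
  },
});

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts. A
// pre-release tag sorts below the corresponding release, per semver.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] - pb.nums[i];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;   // release outranks its pre-release
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1; // simple lexical tiebreak between pre-releases
}

// Collect every installed copy of `pkg`: the lockfileVersion 2/3 "packages"
// map when present, otherwise the v1 nested "dependencies" tree.
function findInstalled(lock, pkg) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${pkg}` || path.endsWith(`/node_modules/${pkg}`)) {
      hits.push({ path, version: entry.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === pkg && entry.version) hits.push({ path, version: entry.version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Audit: each vm2 copy older than `fixed` is reported as vulnerable.
function auditVm2(lockfileText, fixed = FIXED_VERSION) {
  const lock = JSON.parse(lockfileText);
  return findInstalled(lock, "vm2").map((h) => ({
    ...h,
    vulnerable: compareVersions(h.version, fixed) < 0,
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of auditVm2(SAMPLE_LOCKFILE)) {
    console.log(`${r.path}: ${r.version} ${r.vulnerable ? `VULNERABLE (< ${FIXED_VERSION})` : "ok"}`);
  }
}
```

Run it against a real lockfile by replacing SAMPLE_LOCKFILE with the file contents (for example, `fs.readFileSync("package-lock.json", "utf8")`). A nested copy such as node_modules/some-tool/node_modules/vm2 is exactly the case `npm ls vm2` users tend to miss when they only look at their own package.json, which is why the scan walks every path rather than the top-level entry alone.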
Risk and Exploitability
An estimated CVSS score of 9.8 places this in the critical range with a high potential for exploitation. No EPSS score is available, so there is no quantitative model of exploitation likelihood, but the official advisory is clear that the flaw can be leveraged by any attacker who controls the code executed in the VM. The vulnerability is not listed in the CISA KEV catalog, which means no confirmed in-the-wild exploitation has been recorded there, not that exploitation is unlikely. The attack vector is therefore malicious or compromised sandboxed code: anyone who can influence the script text passed to vm2, whether a user submitting code to an evaluation service or untrusted input reaching a build tool, can trigger the escape. The only fix is to upgrade to v3.10.5, which restores the sandbox boundary and closes the code-execution vector. Because vm2 runs sandboxed code inside the same Node.js process as the host, treat the patch as necessary rather than sufficient: run vm2-based evaluators in a separate, least-privileged process or container so that any future escape cannot reach beyond that boundary.
OpenCVE Enrichment