Impact
An attacker who has local administrative or privileged access on a host running Oracle VM VirtualBox 7.2.8 can exploit a flaw in the Core component to take full control of the VirtualBox process, leading to loss of confidentiality, integrity, and availability for the virtual machine environment and potentially other connected products. The vulnerability is classified as a local privilege escalation that can compromise the entire virtualization stack.
Affected Systems
Oracle VirtualBox version 7.2.8 is affected. No other Oracle Virtualization products or third‑party components are explicitly listed as vulnerable, but the impact scope may extend to other products that rely on VirtualBox.
Risk and Exploitability
The CVSS 3.1 base score is 7.5, indicating high severity with full impact on confidentiality, integrity, and availability. The EPSS score of less than 1% suggests a low probability of exploitation at the time of this analysis, and the vulnerability is not listed in the CISA KEV catalog. However, because the exploit requires privileged local access, it can be highly destructive if leveraged by a malicious actor who has already gained administrative or equivalent rights on the host system. The combination of high impact and low probability of exploitation underscores the need for vigilant monitoring and timely patching once a fix becomes available.