vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to a full sandbox escape with arbitrary code execution: attacker code inside VM.run() obtains the host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate, long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
vm2 is a popular Node.js sandboxing library designed to safely execute untrusted code in isolated virtual machine contexts. Version 3.10.4 contains a critical vulnerability that allows attackers to completely escape the sandbox and execute arbitrary commands on the host system with zero user interaction required. This affects any application using vm2 to run user-supplied or third-party code—including educational platforms, code execution services, containerized environments, and security testing tools. The CVSS 9.8 critical rating reflects the complete loss of sandbox integrity and the ability to compromise the entire host process.
While this CVE maps to CWE-693 (Protection Mechanism Failure), Casky's extended reasoning capabilities would identify the underlying attack patterns associated with sandbox escape techniques, which typically correlate with MITRE ATT&CK techniques such as Command and Scripting Interpreter (T1059, under the Execution tactic) and Abuse Elevation Control Mechanism (T1548, under Privilege Escalation). Practitioners using Casky would receive findings highlighting anomalous object access patterns within VM contexts, unexpected host process interactions from sandboxed code, and behavioral signatures indicating escape attempts, such as prototype chain manipulation or host object access. The count of 0 matching skills reflects that this specific vm2 flaw requires version-specific indicators; however, Casky's AI-driven analysis would flag the class of vulnerabilities (sandbox breakout patterns) during threat hunting activities, allowing security teams to identify affected deployments and prioritize patching to version 3.10.5.
Casky has 0 skills that investigate the attack patterns behind CVE-2026-26956. Run one and get CVSS-scored findings in 3 minutes.
© 2026 Casky.AI, Inc. · AI Security Investigation