2026-05-06 BleepingComputer

Critical vm2 Sandbox Escape Bug Allows Host Code Execution

Tags: Zero-Day, Vulnerability, Supply Chain

A critical sandbox-escape flaw (CVE-2023-48927) has been uncovered in vm2, the widely used Node.js sandboxing library. The vulnerability, discovered by security researcher Alex Tsvetkov and reported through BleepingComputer, affects all versions prior to 3.9.15 and carries a CVSS score of 9.8, placing it firmly in the critical severity bracket. vm2 is a staple for platforms that need to run untrusted JavaScript code, such as online code editors, serverless functions, and CI/CD pipelines, which makes the bug a high-priority issue for the developer community.

Technical analysis shows that the flaw stems from a type‑confusion error in vm2’s handling of the `Function` constructor inside the sandboxed environment. By crafting a special exception object that alters the prototype chain of the host’s global object, an attacker can bypass the library’s isolation mechanisms and invoke the native `require` function, loading arbitrary Node.js modules from the host file system. This enables the execution of privileged code outside the sandbox, effectively giving the adversary full control over the underlying host process. Proof‑of‑concept code shared by Tsvetkov demonstrates a simple payload that spawns a reverse shell using the vulnerable host’s own network stack.

The implications are severe. Applications that embed vm2 to evaluate user‑submitted scripts are at risk of remote code execution, which could lead to data exfiltration, service disruption, or lateral movement within a cloud environment. Because vm2 is often a transitive dependency, the vulnerability can propagate downstream through numerous open‑source projects and commercial products, amplifying its impact across the software supply chain. Security teams are urged to audit their dependencies and identify any direct or indirect inclusion of vm2.

The vm2 maintainers have released version 3.9.15, which patches the prototype‑pollution vector and restores proper exception filtering. Organizations should upgrade immediately; if an immediate patch is not feasible, the library’s usage should be suspended and alternative sandboxing solutions—such as Node.js’s built‑in `vm` module with restricted contexts or hardware‑level isolation like V8 isolates—should be evaluated. Monitoring for indicators of compromise and reviewing application logs for unusual `require` calls are also recommended until the upgrade is in place.
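The article's two action items, auditing dependency trees for direct or transitive copies of vm2 and confirming that every copy is at or above the patched 3.9.15 release, can be checked mechanically from an npm lockfile. The script below is an added example written for this page; it is not code from the article, from BleepingComputer, or from the vm2 project. It reads a `package-lock.json` (both the v1 nested format and the v2/v3 `packages` map), reports every vm2 entry with its install path, and flags versions older than 3.9.15. The sample lockfile embedded in it is constructed, and the dependency name `some-plugin` in it is hypothetical.

```javascript
// Added example (not from the article or the vm2 project): find every vm2
// install in an npm lockfile, direct or transitive, and flag versions below
// the patched release named in the article.
const FIXED_VERSION = '3.9.15';

// Minimal "major.minor.patch" comparison; pre-release suffixes are ignored.
// Returns -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Collect every install of `name` with its node_modules path and version.
// lockfileVersion 2/3 keys "packages" by path; v1 nests "dependencies".
function findPackage(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path !== '' && path.endsWith(`node_modules/${name}`)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Annotate each hit: vulnerable if older than the fixed release, transitive
// if the install path contains more than one node_modules segment.
function auditLock(lock, name = 'vm2', fixed = FIXED_VERSION) {
  return findPackage(lock, name).map((h) => ({
    ...h,
    vulnerable: compareVersions(h.version, fixed) < 0,
    transitive: (h.path.match(/node_modules\//g) || []).length > 1,
  }));
}

// Constructed sample lockfile (v3): one direct vm2 at the patched version and
// one older copy vendored by a hypothetical dependency "some-plugin".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.9.15' },
    'node_modules/some-plugin': { version: '2.1.0' },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.9.11' },
  },
};

// Usage: node audit-vm2.js [path/to/package-lock.json]
// Without an argument the constructed sample lockfile is audited.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCK;
  for (const r of auditLock(lock)) {
    const status = r.vulnerable ? 'VULNERABLE' : 'ok';
    const kind = r.transitive ? ' (transitive)' : '';
    console.log(`${status.padEnd(10)} ${r.path} ${r.version}${kind}`);
  }
}
```

Run against the sample, the direct copy is reported as patched while the nested copy under `some-plugin` is flagged as vulnerable and transitive; that second case is the one the article warns about, since `npm ls vm2` at the top level is easy to overlook when the library arrives only through another package. Pointing the script at a real lockfile gives the same report for an actual project, and the `transitive` flag tells you whether the fix is a direct upgrade or a bump of the package that pulls vm2 in.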

Source: BleepingComputer
