Buffer Overflow Vulnerability in Sandboxie Isolation Software by Sandboxie-Plus
CVE-2025-46713

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 22 May 2025

What is CVE-2025-46713?

Sandboxie is a widely used sandbox-based isolation software designed for Windows NT-based operating systems. A vulnerability has been identified in Sandboxie, specifically in API_SET_SECURE_PARAM in its memory allocation subsystem. The flaw could result in an arithmetic overflow, leading to an incorrectly sized memory allocation, which may cause a buffer overflow. This issue affects versions from 0.0.1 up to 1.15.11 and has been addressed in version 1.15.12. Users are advised to upgrade promptly to enhance their system's security.

Affected Version(s)

Sandboxie >= 0.0.1, < 1.15.12

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
