Arithmetic Overflow Vulnerability in Sandboxie Isolation Software
CVE-2025-46714

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 22 May 2025

What is CVE-2025-46714?

Sandboxie is sandbox-based isolation software for Windows NT-based operating systems that lets users run applications in a contained environment. The API_GET_SECURE_PARAM function contains an arithmetic overflow. Because of the overflow, too little memory is allocated, and a large copy is then performed into that undersized buffer, potentially resulting in unexpected behavior or crashes. The vulnerability affects all versions from 1.3.0 up to, but not including, version 1.15.12, which contains a fix for the issue. Users should update to the latest version to ensure their systems remain secure.
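The bug class described above (a size calculation that wraps, followed by a copy of the original length) is shown in the added example below. It is not Sandboxie code: HDR_SIZE, the function names and the buffer layout are hypothetical, chosen only to show the unchecked size arithmetic next to a checked version.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 16u /* hypothetical fixed header size, not a Sandboxie value */

/* Unchecked: the 32-bit sum wraps, so a huge len yields a tiny allocation size. */
uint32_t alloc_size_unchecked(uint32_t len)
{
    return len + HDR_SIZE;
}

/* Checked: returns 0 and writes the size, or -1 if len + HDR_SIZE would wrap. */
int alloc_size_checked(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX - HDR_SIZE)
        return -1;
    *out = len + HDR_SIZE;
    return 0;
}

/* Hardened copy-in: validate the size arithmetic before allocating, so the
 * buffer is always large enough for the HDR_SIZE + len bytes written to it. */
uint8_t *copy_param(const uint8_t *src, uint32_t len, uint32_t *total)
{
    uint32_t size;
    uint8_t *buf;

    if (src == NULL || total == NULL || alloc_size_checked(len, &size) != 0)
        return NULL;              /* reject instead of under-allocating */
    buf = malloc(size);
    if (buf == NULL)
        return NULL;
    memset(buf, 0, HDR_SIZE);     /* zeroed header */
    memcpy(buf + HDR_SIZE, src, len);
    *total = size;
    return buf;
}

int main(void)
{
    uint32_t size = 0, len = 0xFFFFFFF8u; /* constructed caller-supplied length */

    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(len));
    printf("checked result: %d\n", alloc_size_checked(len, &size));
    return 0;
}
```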

Affected Version(s)

Sandboxie >= 1.3.0, < 1.15.12

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
