Sandbox Vulnerability in Sandboxie Software by Sandboxie Plus
CVE-2025-46716

5.5MEDIUM

Key Information:

Vendor: Sandboxie-plus
Status: Sandboxie
Vendor: CVE Published:; 22 May 2025

🔔 Create Sandboxie-plus Vulnerability Alert

What is CVE-2025-46716?

The vulnerability in Sandboxie, a sandbox-based isolation software, arises from improper sanitization of incoming pointers in the Api_SetSecureParam function. Versions 1.3.0 through 1.15.11 fail to validate these pointers, potentially allowing arbitrary memory reads into a registry value, compromising system integrity. This flaw can result in exposure to unsafe memory locations, including kernel pointers, posing a significant risk to user security. Version 1.15.12 has been released to address this vulnerability.

Affected Version(s)

Sandboxie >= 1.3.0, < 1.15.12

References

https://github.com/sandboxie-plus/Sandboxie/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2025
Vulnerability Reserved
Apr 28, 2025