Heap Overflow Vulnerability in Sandboxie Isolation Software by Sandboxie Plus
CVE-2025-64721
Key Information:
- Vendor
Sandboxie-plus
- Status
- Vendor
- CVE Published:
- 11 December 2025
Badges
What is CVE-2025-64721?
The vulnerability in Sandboxie affects versions 1.16.6 and earlier, where the SYSTEM-level service SbieSvc.exe improperly handles user-controlled values in the SbieIniServer::RC4Crypt method. This oversight allows sandboxed processes to create a heap overflow by manipulating buffer sizes, thereby executing arbitrary code at the SYSTEM level. This serious flaw compromises the security of the host system, allowing attackers to bypass the isolation that the software is intended to provide. The issue has been remediated in version 1.16.7.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Sandboxie < 1.16.7
News Articles
The Hacker NewsCVE-2025-64721ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
ThreatsDay Bulletin: Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.
2 days ago
References
CVSS V4
Timeline
- π°
Used in Ransomware
- πΎ
Exploit known to exist
- π°
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved