CVE-2025-46716

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-3984-r877-q7xp

Configurations

No configuration.

History

23 May 2025, 15:55

Type	Values Removed	Values Added
Summary		(es) Sandboxie es un software de aislamiento basado en la sandbox para sistemas operativos Windows NT de 32 y 64 bits. A partir de la versión 1.3.0 y anteriores a la 1.15.12, Api_SetSecureParam no sanea los punteros entrantes y confía implícitamente en que el puntero introducido por el usuario es seguro. SetRegValue lee una dirección arbitraria, que puede ser un puntero de kernel, en un valor de registro SBIE de HKLM Security. Este valor se puede recuperar posteriormente mediante API_GET_SECURE_PARAM. La versión 1.15.12 soluciona el problema.

22 May 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-22 17:15

Updated : 2025-05-23 15:55

NVD link : CVE-2025-46716

Mitre link : CVE-2025-46716

CVE.ORG link : CVE-2025-46716

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

5.5 /10