CVE-2025-46714

Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_GET_SECURE_PARAM)

Description

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue.

INFO

Published Date :

2025-05-22T12:27:57.002Z

Last Modified :

2025-05-22T14:21:10.879Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-46714 vulnerability.

Vendors	Products
Sandboxie-plus	Sandboxie

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46714.

URL	Resource
https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-c5h5-54gp-xh4q

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact