5.5

CVE-2025-46716

Exploit

EPSS 0.03%
Veröffentlicht 22.05.2025 16:50:18
Zuletzt bearbeitet 04.08.2025 17:26:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sandboxie-plus ≫ Sandboxie SwEditionplus Version >= 1.3.0 < 1.15.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-3984-r877-q7xp

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-46716

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-46716

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-46716

EUVD