Vulnerabilities related to sandboxie-plus - sandboxie
CVE-2025-46715 (GCVE-0-2025-46715)
Vulnerability from cvelistv5
Published
2025-05-22 16:46
Modified
2025-05-22 17:29
CWE
  • CWE-787 - Out-of-bounds Write
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the selected SBIE registry entry to this address. An attacker can pass in a kernel pointer, and the driver writes the requested registry key contents to it. This can be triggered by anyone on the system, including low-integrity Windows processes. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus Sandboxie Version: >= 1.3.0, < 1.15.12


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46715",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T17:29:16.636239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T17:29:34.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sandboxie",
          "vendor": "sandboxie-plus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.15.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE registry entry selected to this address. An attacker can pass in a kernel pointer and the driver dumps the registry key contents we requested to it. This can be triggered by anyone on the system, including low integrity windows processes. Version 1.15.12 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T16:49:55.871Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-67p9-6h73-ff7x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-67p9-6h73-ff7x"
        }
      ],
      "source": {
        "advisory": "GHSA-67p9-6h73-ff7x",
        "discovery": "UNKNOWN"
      },
      "title": "Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46715",
    "datePublished": "2025-05-22T16:46:16.419Z",
    "dateReserved": "2025-04-28T20:56:09.083Z",
    "dateUpdated": "2025-05-22T17:29:34.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18748 (GCVE-0-2018-18748)
Vulnerability from cvelistv5
Published
2018-10-28 03:00
Modified
2024-11-14 20:26
CWE
  • n/a
Summary
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:16:00.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-18748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-24T15:54:51.307924Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T20:26:24.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie 5.26 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"cmd\") or os.system(\"powershell\"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product\u0027s intended functionality"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18748",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"cmd\") or os.system(\"powershell\"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product\u0027s intended functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc",
              "refsource": "MISC",
              "url": "https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18748",
    "datePublished": "2018-10-28T03:00:00",
    "dateReserved": "2018-10-27T00:00:00",
    "dateUpdated": "2024-11-14T20:26:24.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54422 (GCVE-0-2025-54422)
Vulnerability from cvelistv5
Published
2025-07-29 12:47
Modified
2025-07-29 13:29
CWE
  • CWE-312 - Cleartext Storage of Sensitive Information
  • CWE-322 - Key Exchange without Entity Authentication
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE-522 - Insufficiently Protected Credentials
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2.
Impacted products
Vendor Product Version
sandboxie-plus Sandboxie Version: < 1.16.2


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54422",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-29T13:29:53.514945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-29T13:29:56.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sandboxie",
          "vendor": "sandboxie-plus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.16.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312: Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-322",
              "description": "CWE-322: Key Exchange without Entity Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T12:47:50.414Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7"
        },
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/commit/d107d5743880da28e782c1771b5246b2a512989a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/commit/d107d5743880da28e782c1771b5246b2a512989a"
        },
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.2"
        }
      ],
      "source": {
        "advisory": "GHSA-jp7r-vgv9-43p7",
        "discovery": "UNKNOWN"
      },
      "title": "Sandboxie exposes encrypted sandbox key during password change"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54422",
    "datePublished": "2025-07-29T12:47:50.414Z",
    "dateReserved": "2025-07-21T23:18:10.281Z",
    "dateUpdated": "2025-07-29T13:29:56.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46714 (GCVE-0-2025-46714)
Vulnerability from cvelistv5
Published
2025-05-22 12:27
Modified
2025-05-22 14:21
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then an extremely large copy into the small allocation. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus Sandboxie Version: >= 1.3.0, < 1.15.12


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46714",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T14:20:53.823291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T14:21:10.879Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sandboxie",
          "vendor": "sandboxie-plus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.15.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T12:27:57.002Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-c5h5-54gp-xh4q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-c5h5-54gp-xh4q"
        }
      ],
      "source": {
        "advisory": "GHSA-c5h5-54gp-xh4q",
        "discovery": "UNKNOWN"
      },
      "title": "Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_GET_SECURE_PARAM)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46714",
    "datePublished": "2025-05-22T12:27:57.002Z",
    "dateReserved": "2025-04-28T20:56:09.083Z",
    "dateUpdated": "2025-05-22T14:21:10.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46716 (GCVE-0-2025-46716)
Vulnerability from cvelistv5
Published
2025-05-22 16:50
Modified
2025-05-22 17:28
CWE
  • CWE-125 - Out-of-bounds Read
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into an HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus Sandboxie Version: >= 1.3.0, < 1.15.12
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46716",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T17:27:20.448353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T17:28:02.958Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sandboxie",
          "vendor": "sandboxie-plus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.15.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T16:50:18.448Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-3984-r877-q7xp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-3984-r877-q7xp"
        }
      ],
      "source": {
        "advisory": "GHSA-3984-r877-q7xp",
        "discovery": "UNKNOWN"
      },
      "title": "Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46716",
    "datePublished": "2025-05-22T16:50:18.448Z",
    "dateReserved": "2025-04-28T20:56:09.083Z",
    "dateUpdated": "2025-05-22T17:28:02.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49360 (GCVE-0-2024-49360)
Vulnerability from cvelistv5
Published
2024-11-29 18:11
Modified
2024-12-02 20:32
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandboxes belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' files in `C:\Sandbox\xxx`. By default in Windows 7+, the `C:\Users\UserA` folder is not readable by **UserB**. All files edited or created during the sandbox processing are affected by the vulnerability. All files in `C:\Users` are safe. If **UserB** runs a cmd in a sandbox, he will be able to access `C:\Sandbox\UserA`. In addition, if **UserB** creates a folder `C:\Sandbox\UserA` with malicious ACLs, Sandboxie does not reset the ACLs when **UserA** later uses the sandbox. This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie.
Impacted products
Vendor Product Version
sandboxie-plus Sandboxie Version: < v1.14.6 / 5.69.6


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sandboxie:sandboxie:1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sandboxie",
            "vendor": "sandboxie",
            "versions": [
              {
                "lessThan": "1.14.6",
                "status": "affected",
                "version": "1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.69.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49360",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T20:30:35.454477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T20:32:39.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sandboxie",
          "vendor": "sandboxie-plus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c v1.14.6 / 5.69.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\\Sandbox\\UserB\\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users\u0027 files in `C:\\Sandbox\\xxx`. By default in Windows 7+, the `C:\\Users\\UserA` folder is not readable by **UserB**.\nAll files edited or created during the sandbox processing are affected by the vulnerability. All files in C:\\Users are safe. If `UserB` runs a cmd in a sandbox, he will be able to access `C:\\Sandox\\UserA`. In addition, if **UserB** create a folder `C:\\Sandbox\\UserA` with malicious ACLs, when **UserA** will user the sandbox, Sandboxie doesn\u0027t reset ACLs ! This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T18:11:58.261Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp"
        }
      ],
      "source": {
        "advisory": "GHSA-4chj-3c28-gvmp",
        "discovery": "UNKNOWN"
      },
      "title": "Path traversal in Sandboxie"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-49360",
    "datePublished": "2024-11-29T18:11:58.261Z",
    "dateReserved": "2024-10-14T13:56:34.809Z",
    "dateUpdated": "2024-12-02T20:32:39.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46713 (GCVE-0-2025-46713)
Vulnerability from cvelistv5
Published
2025-05-22 12:23
Modified
2025-05-22 15:12
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus Sandboxie Version: >= 0.0.1, < 1.15.12


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T15:11:25.674860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T15:12:21.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sandboxie",
          "vendor": "sandboxie-plus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.0.1, , 1.15.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T12:26:06.433Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-5g85-6p6v-r479",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-5g85-6p6v-r479"
        }
      ],
      "source": {
        "advisory": "GHSA-5g85-6p6v-r479",
        "discovery": "UNKNOWN"
      },
      "title": "Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_SET_SECURE_PARAM)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46713",
    "datePublished": "2025-05-22T12:23:16.871Z",
    "dateReserved": "2025-04-28T20:56:09.083Z",
    "dateUpdated": "2025-05-22T15:12:21.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2018-10-29 12:29
Modified
2025-08-04 20:00
Summary
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality
Impacted products
Vendor Product Version
sandboxie-plus sandboxie 5.26



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA24BEB-7821-4CDC-8714-0AB294BB7CC4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandboxie 5.26 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"cmd\") or os.system(\"powershell\"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product\u0027s intended functionality"
    },
    {
      "lang": "es",
      "value": "** EN DISPUTA ** Sandboxie 5.26 permite el escape del sandbox mediante una instrucci\u00f3n \"import os\", seguida por os.system(\"cmd\") u os.system(\"powershell\"), en un archivo .py. NOTA: el fabricante disputa este problema debido a que el comportamiento observado es consistente con la funcionalidad planeada del producto."
    }
  ],
  "id": "CVE-2018-18748",
  "lastModified": "2025-08-04T20:00:30.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-29T12:29:09.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-29 13:15
Modified
2025-08-04 17:30
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2.
Impacted products
Vendor Product Version
sandboxie-plus sandboxie *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:*:*:*:*:plus:*:*:*",
              "matchCriteriaId": "8EBFA567-2E4B-429B-A81C-6914E20D61FC",
              "versionEndExcluding": "1.16.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2."
    },
    {
      "lang": "es",
      "value": "Sandboxie es un software de aislamiento basado en un entorno de pruebas para sistemas operativos Windows NT de 32 y 64 bits. En las versiones 1.16.1 y anteriores, existe una vulnerabilidad cr\u00edtica de seguridad en los mecanismos de gesti\u00f3n de contrase\u00f1as. Durante la creaci\u00f3n de un entorno de pruebas cifrado, las contrase\u00f1as de usuario se transmiten a trav\u00e9s de memoria compartida, lo que las expone a posibles interceptaciones. La vulnerabilidad es especialmente grave durante las operaciones de modificaci\u00f3n de contrase\u00f1as, donde tanto las contrase\u00f1as antiguas como las nuevas se pasan como argumentos de l\u00ednea de comandos de texto plano al proceso Imbox sin cifrado ni ofuscaci\u00f3n. Esta falla de implementaci\u00f3n permite que cualquier proceso dentro de la sesi\u00f3n del usuario, incluidos los procesos sin privilegios, recupere estas credenciales confidenciales leyendo los argumentos de la l\u00ednea de comandos, eludiendo as\u00ed los requisitos de privilegios est\u00e1ndar y creando un riesgo de seguridad significativo. Esto se ha corregido en la versi\u00f3n 1.16.2."
    }
  ],
  "id": "CVE-2025-54422",
  "lastModified": "2025-08-04T17:30:08.827",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-29T13:15:27.823",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/commit/d107d5743880da28e782c1771b5246b2a512989a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        },
        {
          "lang": "en",
          "value": "CWE-322"
        },
        {
          "lang": "en",
          "value": "CWE-497"
        },
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-05-22 17:15
Modified
2025-08-04 17:26
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus sandboxie *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:*:*:*:*:plus:*:*:*",
              "matchCriteriaId": "489CD850-434B-43D0-80AF-6F75FC65B3AB",
              "versionEndExcluding": "1.15.12",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue."
    },
    {
      "lang": "es",
      "value": "Sandboxie es un software de aislamiento basado en la sandbox para sistemas operativos Windows NT de 32 y 64 bits. A partir de la versi\u00f3n 1.3.0 y anteriores a la 1.15.12, Api_SetSecureParam no sanea los punteros entrantes y conf\u00eda impl\u00edcitamente en que el puntero introducido por el usuario es seguro. SetRegValue lee una direcci\u00f3n arbitraria, que puede ser un puntero de kernel, en un valor de registro SBIE de HKLM Security. Este valor se puede recuperar posteriormente mediante API_GET_SECURE_PARAM. La versi\u00f3n 1.15.12 soluciona el problema."
    }
  ],
  "id": "CVE-2025-46716",
  "lastModified": "2025-08-04T17:26:34.820",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-22T17:15:24.560",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory",
        "Exploit"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-3984-r877-q7xp"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-11-29 18:15
Modified
2025-08-04 17:25
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandboxes belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' files in `C:\Sandbox\xxx`. By default in Windows 7+, the `C:\Users\UserA` folder is not readable by **UserB**. All files edited or created during the sandbox processing are affected by the vulnerability. All files in `C:\Users` are safe. If **UserB** runs a cmd in a sandbox, he will be able to access `C:\Sandbox\UserA`. In addition, if **UserB** creates a folder `C:\Sandbox\UserA` with malicious ACLs, Sandboxie doesn't reset the ACLs when **UserA** uses the sandbox. This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie.
Impacted products
Vendor Product Version
sandboxie-plus sandboxie *
sandboxie-plus sandboxie *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:*:*:*:*:plus:*:*:*",
              "matchCriteriaId": "5C8FCC55-2EC4-43C3-80A0-D9D34954585D",
              "versionEndExcluding": "1.14.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:*:*:*:*:classic:*:*:*",
              "matchCriteriaId": "20BE7C41-AC57-41A3-9499-1A62BF72269C",
              "versionEndExcluding": "5.69.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\\Sandbox\\UserB\\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users\u0027 files in `C:\\Sandbox\\xxx`. By default in Windows 7+, the `C:\\Users\\UserA` folder is not readable by **UserB**.\nAll files edited or created during the sandbox processing are affected by the vulnerability. All files in C:\\Users are safe. If `UserB` runs a cmd in a sandbox, he will be able to access `C:\\Sandox\\UserA`. In addition, if **UserB** create a folder `C:\\Sandbox\\UserA` with malicious ACLs, when **UserA** will user the sandbox, Sandboxie doesn\u0027t reset ACLs ! This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie."
    },
    {
      "lang": "es",
      "value": "Sandboxie es un software de aislamiento basado en sandbox para sistemas operativos Windows NT de 32 y 64 bits. Un usuario autenticado (**UserA**) sin privilegios est\u00e1 autorizado a leer todos los archivos creados en sandbox que pertenecen a otros usuarios en las carpetas sandbox `C:\\Sandbox\\UserB\\xxx`. Un atacante autenticado que puede utilizar `explorer.exe` o `cmd.exe` fuera de cualquier sandbox puede leer los archivos de otros usuarios en `C:\\Sandbox\\xxx`. De forma predeterminada en Windows 7+, la carpeta `C:\\Users\\UserA` no es legible por **UserB**.\nTodos los archivos editados o creados durante el procesamiento de sandbox se ven afectados por la vulnerabilidad. Todos los archivos en C:\\Users est\u00e1n seguros. Si `UserB` ejecuta un comando en un sandbox, podr\u00e1 acceder a `C:\\Sandox\\UserA`. Adem\u00e1s, si **UserB** crea una carpeta `C:\\Sandbox\\UserA` con ACL maliciosas, cuando **UserA** use el sandbox, Sandboxie no restablece las ACL. Este problema a\u00fan no se ha solucionado. Se recomienda a los usuarios que limiten el acceso a sus Sandbox mediante Sandboxie.\""
    }
  ],
  "id": "CVE-2024-49360",
  "lastModified": "2025-08-04T17:25:26.540",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 9.2,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-29T18:15:09.307",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory",
        "Mitigation"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-05-22 17:15
Modified
2025-08-04 17:25
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE registry entry selected to this address. An attacker can pass in a kernel pointer and the driver dumps the registry key contents we requested to it. This can be triggered by anyone on the system, including low integrity windows processes. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus sandboxie *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:*:*:*:*:plus:*:*:*",
              "matchCriteriaId": "489CD850-434B-43D0-80AF-6F75FC65B3AB",
              "versionEndExcluding": "1.15.12",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE registry entry selected to this address. An attacker can pass in a kernel pointer and the driver dumps the registry key contents we requested to it. This can be triggered by anyone on the system, including low integrity windows processes. Version 1.15.12 fixes the issue."
    },
    {
      "lang": "es",
      "value": "Sandboxie es un software de aislamiento basado en la sandbox para sistemas operativos Windows NT de 32 y 64 bits. A partir de la versi\u00f3n 1.3.0 y anteriores a la 1.15.12, Api_GetSecureParam no sanea los punteros entrantes y conf\u00eda impl\u00edcitamente en que el puntero introducido por el usuario es seguro para escribir. GetRegValue escribe entonces el contenido de la entrada de registro de SBIE seleccionada en esta direcci\u00f3n. Un atacante puede introducir un puntero de kernel y el controlador env\u00eda el contenido de la clave de registro solicitada. Esto puede ser activado por cualquier usuario del sistema, incluidos los procesos de Windows de baja integridad. La versi\u00f3n 1.15.12 soluciona el problema."
    }
  ],
  "id": "CVE-2025-46715",
  "lastModified": "2025-08-04T17:25:44.107",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-22T17:15:24.400",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-67p9-6h73-ff7x"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-08-04 17:23
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus sandboxie *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:*:*:*:*:plus:*:*:*",
              "matchCriteriaId": "A49D20EB-C81C-4342-96DF-2D0EDE06D2B5",
              "versionEndExcluding": "1.15.12",
              "versionStartIncluding": "0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue."
    },
    {
      "lang": "es",
      "value": "Sandboxie es un software de aislamiento basado en la sandbox para sistemas operativos Windows NT de 32 y 64 bits. A partir de la versi\u00f3n 0.0.1 y anteriores a la 1.15.12, API_SET_SECURE_PARAM pod\u00eda presentar un desbordamiento aritm\u00e9tico en el subsistema de asignaci\u00f3n de memoria, lo que provocaba una asignaci\u00f3n menor a la solicitada y un desbordamiento del b\u00fafer. La versi\u00f3n 1.15.12 soluciona este problema."
    }
  ],
  "id": "CVE-2025-46713",
  "lastModified": "2025-08-04T17:23:32.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-22T13:15:57.650",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory",
        "Exploit"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-5g85-6p6v-r479"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-05-22 13:15
Modified
2025-08-04 17:24
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then an extremely large copy into the small allocation. Version 1.15.12 fixes the issue.
Impacted products
Vendor Product Version
sandboxie-plus sandboxie *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:*:*:*:*:plus:*:*:*",
              "matchCriteriaId": "489CD850-434B-43D0-80AF-6F75FC65B3AB",
              "versionEndExcluding": "1.15.12",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue."
    },
    {
      "lang": "es",
      "value": "Sandboxie es un software de aislamiento basado en la sandbox para sistemas operativos Windows NT de 32 y 64 bits. A partir de la versi\u00f3n 1.3.0 y anteriores a la 1.15.12, API_GET_SECURE_PARAM presenta un desbordamiento aritm\u00e9tico que provoca una peque\u00f1a asignaci\u00f3n de memoria y, posteriormente, una copia extremadamente grande en dicha asignaci\u00f3n. La versi\u00f3n 1.15.12 corrige este problema."
    }
  ],
  "id": "CVE-2025-46714",
  "lastModified": "2025-08-04T17:24:44.340",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-22T13:15:57.913",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-c5h5-54gp-xh4q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}