CVE-2025-46713

7.8 HIGH

📋 TL;DR

CVE-2025-46713 is an arithmetic overflow vulnerability in Sandboxie's memory allocation subsystem that leads to a buffer overflow. This allows attackers to execute arbitrary code within the sandbox environment. All users running Sandboxie versions before 1.15.12 on Windows NT-based systems are affected.

💻 Affected Systems

Products:
  • Sandboxie
  • Sandboxie-Plus
Versions: 0.0.1 through 1.15.11
Operating Systems: Windows NT-based systems (32-bit and 64-bit)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability exists in the API_SET_SECURE_PARAM functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full sandbox escape leading to arbitrary code execution on the host system with the same privileges as the Sandboxie process.

🟠 Likely Case: Arbitrary code execution within the sandbox environment, potentially compromising isolated applications and data.

🟢 If Mitigated: Limited impact if the sandbox is properly configured with minimal privileges and no sensitive data is processed within it.

🌐 Internet-Facing: MEDIUM - Requires user interaction or malicious content execution within sandbox, but could be triggered via web content.
🏢 Internal Only: MEDIUM - Could be exploited via malicious documents or applications executed within the sandbox.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the vulnerable memory allocation path, likely through specific API calls within the sandbox.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.15.12

Vendor Advisory: https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-5g85-6p6v-r479

Restart Required: Yes

Instructions:

1. Download Sandboxie version 1.15.12 or later from the official repository.
2. Close all sandboxed applications.
3. Run the installer to upgrade.
4. Restart the system to ensure all components are updated.

🔧 Temporary Workarounds

Disable Sandboxie Service (platform: windows)

Temporarily disable the Sandboxie service to prevent exploitation while awaiting patch deployment.

  sc stop SbieSvc
  sc config SbieSvc start= disabled

Restrict Sandbox Usage (platform: all)

Limit sandbox usage to trusted applications only and avoid running unknown or untrusted content.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of untrusted applications within the sandbox.
  • Deploy endpoint detection and response (EDR) solutions to monitor for suspicious memory allocation patterns.

🔍 How to Verify

Check if Vulnerable:

Check the Sandboxie version in the About dialog or via the 'SbieCtrl.exe /version' command.

Check Version:

SbieCtrl.exe /version

Verify Fix Applied:

Verify that the version is 1.15.12 or higher and that the service is running without errors.
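The two verification steps above (version at or above 1.15.12, service running) combined into one script, as an added example that is not part of this advisory. It reads the file-version stamp of SbieCtrl.exe instead of parsing the '/version' output, and the default install directory is an assumption; pass -InstallDir if Sandboxie is installed elsewhere.

```powershell
# Added example, not from the advisory: report whether the installed Sandboxie build
# is at or above the fixed version 1.15.12 and whether the SbieSvc service is running.
param(
    # Assumed default install directory; override for non-standard installs.
    [string]$InstallDir = "C:\Program Files\Sandboxie-Plus"
)

$FixedVersion = [version]"1.15.12"
$ctrl = Join-Path $InstallDir "SbieCtrl.exe"

if (-not (Test-Path $ctrl)) {
    Write-Output "SbieCtrl.exe not found under $InstallDir; Sandboxie is not installed here or lives in another directory."
    exit 2
}

# Use the version resource stamped into the binary; extract the dotted numeric part only.
$rawVersion = (Get-Item $ctrl).VersionInfo.FileVersion
if ($rawVersion -match '\d+(\.\d+)+') {
    $installed = [version]$Matches[0]
} else {
    Write-Output "Could not parse a version from '$rawVersion'."
    exit 2
}

# System.Version comparison handles 3- vs 4-part versions (1.15.12.0 >= 1.15.12).
$patched = $installed -ge $FixedVersion

# Service state: the advisory's verification step expects SbieSvc to be running after the upgrade.
$svc = Get-Service -Name SbieSvc -ErrorAction SilentlyContinue
$svcState = if ($svc) { $svc.Status.ToString() } else { "NotInstalled" }

[pscustomobject]@{
    InstalledVersion = $installed.ToString()
    FixedVersion     = $FixedVersion.ToString()
    Patched          = $patched
    ServiceState     = $svcState
    Verdict          = if ($patched -and $svcState -eq "Running") { "OK" }
                       elseif (-not $patched) { "VULNERABLE: upgrade to 1.15.12 or later" }
                       else { "Patched but service not running; check the service and event logs" }
}

# Non-zero exit code so the script can gate a deployment or inventory job.
if (-not $patched) { exit 1 }
```

Run it from an elevated PowerShell prompt on each endpoint; the object output can be piped to Export-Csv for fleet-wide inventory, and the exit code distinguishes "still vulnerable" (1) from "could not determine" (2).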

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory allocation errors in Sandboxie logs
  • Crash dumps from SbieSvc.exe

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

EventID=1000 OR EventID=1001 Source=SbieSvc.exe | search "access violation" OR "buffer overflow"
