Integer overflow in Sandboxie-plus Sandboxie
CVE-2025-64721
Sandboxie is sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handle…
Vulnerability class: Integer Overflow
EPSS: 0.001 (31.3th percentile)
Affected products
- Sandboxie-plus Sandboxie — versions < 1.16.7
Weakness classification (CWE)
References
- https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-w476-j57g-96vp (x_refsource_CONFIRM)
- https://github.com/sandboxie-plus/Sandboxie/commit/000492f8c411d24292f1b977a107994347bc7dfa (x_refsource_MISC)
- https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.7 (x_refsource_MISC)