
CVE-2025-46713: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in sandboxie-plus Sandboxie

High
Tags: Vulnerability, CVE-2025-46713, cve, cwe-120
Published: Thu May 22 2025 (05/22/2025, 12:23:16 UTC)
Source: CVE
Vendor/Project: sandboxie-plus
Product: Sandboxie

Description

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the issue.

AI-Powered Analysis

Last updated: 07/07/2025, 10:28:16 UTC

Technical Analysis

CVE-2025-46713 is a high-severity buffer overflow vulnerability affecting the Sandboxie-plus software, a sandbox-based isolation tool for Windows NT-based operating systems (both 32-bit and 64-bit). The vulnerability exists in versions starting from 0.0.1 up to but not including 1.15.12. The root cause is an arithmetic overflow in the API_SET_SECURE_PARAM handling path within the memory allocation subsystem. The overflowed size computation causes the allocator to return less memory than was requested, and the subsequent copy into that buffer proceeds without a matching size check, producing a classic buffer overflow (CWE-120). Exploiting this vulnerability could allow an attacker with local, low-privileged access to execute arbitrary code with elevated privileges and to compromise the confidentiality, integrity, and availability of the system. The CVSS v3.1 score is 7.8, reflecting high severity: attack vector local, low attack complexity, low privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk because sandbox software is typically used to isolate potentially dangerous processes. Successful exploitation could allow an attacker to escape the sandbox environment, gaining unauthorized access to the host system and potentially executing malicious code or escalating privileges. The issue was fixed in version 1.15.12 of Sandboxie-plus.
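The failure mode described above, as an added illustration that is not Sandboxie's code: a length-prefixed parameter record whose allocation size is computed as header plus caller-supplied length. With an unchecked 32-bit addition the sum wraps to a small value, the allocation is too short, and the later copy overruns it; the checked version rejects any length that would wrap before allocating. The record layout, the `PARAM_HDR_SIZE` constant and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout: a 16-byte header followed by a variable-length payload.
   Nothing here mirrors the real Sandboxie structures. */
#define PARAM_HDR_SIZE 16u

/* Vulnerable pattern: header + length in 32-bit arithmetic. For any
   payload_len > UINT32_MAX - PARAM_HDR_SIZE the sum wraps around and the
   requested allocation becomes far smaller than the bytes later copied. */
static uint32_t alloc_size_unchecked(uint32_t payload_len) {
    return PARAM_HDR_SIZE + payload_len;
}

/* Hardened pattern: refuse lengths whose sum would wrap. Returns 1 and
   writes the size on success, 0 when the request cannot be represented. */
static int alloc_size_checked(uint32_t payload_len, uint32_t *out) {
    if (payload_len > UINT32_MAX - PARAM_HDR_SIZE)
        return 0;                       /* would wrap: reject */
    *out = PARAM_HDR_SIZE + payload_len;
    return 1;
}

/* Whether copying header + payload into a buffer of alloc_size bytes would
   overrun it (the CWE-120 condition). Computed in 64 bits so the check
   itself cannot wrap. */
static int copy_would_overflow(uint32_t alloc_size, uint32_t payload_len) {
    return ((uint64_t)PARAM_HDR_SIZE + payload_len) > (uint64_t)alloc_size;
}

/* Hardened allocate-then-copy: sizes the buffer with the checked helper and
   only then copies. Returns NULL (and allocates nothing) for a wrapping
   length, so the copy can never exceed the allocation. Caller frees. */
static uint8_t *build_param_record(const uint8_t *payload, uint32_t payload_len) {
    uint32_t size;
    if (!alloc_size_checked(payload_len, &size))
        return NULL;
    uint8_t *rec = malloc(size);
    if (rec == NULL)
        return NULL;
    memset(rec, 0, PARAM_HDR_SIZE);     /* header placeholder */
    memcpy(rec, &payload_len, sizeof payload_len);
    memcpy(rec + PARAM_HDR_SIZE, payload, payload_len);
    return rec;
}
```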

Potential Impact

For European organizations, this vulnerability presents a critical risk, particularly for entities relying on Sandboxie-plus for application isolation, malware analysis, or secure browsing environments. Exploitation could lead to sandbox escape, allowing attackers to execute arbitrary code on the host system and potentially leading to data breaches, system compromise, or lateral movement within networks. This is especially concerning for sectors with high security requirements such as finance, healthcare, government, and critical infrastructure. The local attack vector means that attackers need some level of access to the system, but given the low complexity and the absence of any user-interaction requirement, insider threats or malware that has gained an initial foothold could leverage this flaw to escalate privileges and bypass security controls. The confidentiality, integrity, and availability of sensitive data and systems could be severely impacted, resulting in operational disruption, regulatory non-compliance, and reputational damage.

Mitigation Recommendations

European organizations should immediately verify their use of Sandboxie-plus and ensure that all installations are upgraded to version 1.15.12 or later, where the vulnerability is patched. For environments where immediate patching is not feasible, restricting local access to systems running Sandboxie-plus is critical to reduce the attack surface. Implement strict access controls and monitoring to detect any suspicious local activity. Employ application whitelisting and endpoint detection and response (EDR) solutions to identify attempts to exploit buffer overflows or sandbox escapes. Additionally, conduct regular security audits and vulnerability assessments focused on sandbox environments. Network segmentation should be used to limit the impact of any potential compromise. Finally, educate users and administrators about the risks of local privilege escalation and sandbox escape vulnerabilities to improve overall security posture.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-04-28T20:56:09.083Z
Cisa Enriched: false
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682f1a9a0acd01a24925abd4

Added to database: 5/22/2025, 12:37:46 PM

Last enriched: 7/7/2025, 10:28:16 AM

Last updated: 8/15/2025, 5:51:52 AM
