CVE-2025-64721: CWE-190: Integer Overflow or Wraparound in sandboxie-plus Sandboxie
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len without overflow checking. A large value_len (e.g., 0xFFFFFFF0) wraps the allocation size, causing a heap overflow when attacker data is copied into the undersized buffer. This allows sandboxed processes to execute arbitrary code as SYSTEM, fully compromising the host. This issue is fixed in version 1.16.7.
AI Analysis
Technical Summary
CVE-2025-64721 is an integer overflow vulnerability classified under CWE-190 affecting Sandboxie, a sandbox-based isolation software for Windows NT systems. The issue exists in versions 1.16.6 and earlier, specifically in the SYSTEM-level service SbieSvc.exe. This service exposes the function SbieIniServer::RC4Crypt to sandboxed processes, which improperly handles a caller-controlled parameter value_len by adding a fixed header size without checking for integer overflow. When a large value_len, such as 0xFFFFFFF0, is supplied, the addition wraps around, resulting in an undersized buffer allocation. Subsequently, when attacker-controlled data is copied into this buffer, a heap overflow occurs. This memory corruption allows an attacker operating within a sandboxed process to execute arbitrary code with SYSTEM privileges, effectively breaking out of the sandbox and fully compromising the host system. The vulnerability requires no authentication or user interaction, making it highly exploitable. The vendor addressed this issue in Sandboxie version 1.16.7. The CVSS 4.0 base score is 9.9, reflecting the vulnerability's critical severity due to its high impact on confidentiality, integrity, and availability, combined with its ease of exploitation and broad scope. No public exploits have been reported yet, but the potential for severe damage is substantial given the privilege escalation vector and the common use of Sandboxie for security isolation.
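The following C is an added illustration, not code from the Sandboxie project and not its actual RC4Crypt handler. It shows the CWE-190 pattern the summary describes in generic form: a 32-bit size computed as header plus caller-controlled value_len with no overflow check, beside a hardened version that refuses a value_len whose sum would wrap and also enforces an upper bound. The 16-byte header size, the 1 MiB policy cap, and the function names are assumptions chosen for the demo; the page does not give the real values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed values for the illustration; the real header size used by SbieSvc
 * is not stated on the page, and the cap is a policy choice for the demo. */
#define DEMO_HEADER_SIZE    16u
#define DEMO_MAX_VALUE_LEN  (1024u * 1024u)

/* Vulnerable pattern (CWE-190): the sum is done in 32-bit unsigned arithmetic
 * with no overflow check, so a value_len near UINT32_MAX wraps to a tiny size.
 * With a 16-byte header, 0xFFFFFFF0 + 16 wraps to exactly 0. */
uint32_t unchecked_alloc_size(uint32_t value_len) {
    return DEMO_HEADER_SIZE + value_len;
}

/* Hardened form: reject any value_len above the policy cap, and any value
 * whose sum with the header would exceed UINT32_MAX. Returns true and writes
 * *out on success, false when the request must be refused. */
bool checked_alloc_size(uint32_t value_len, uint32_t *out) {
    if (value_len > DEMO_MAX_VALUE_LEN) {
        return false;                    /* oversized even if it did not wrap */
    }
    if (value_len > UINT32_MAX - DEMO_HEADER_SIZE) {
        return false;                    /* addition would wrap: refuse */
    }
    *out = DEMO_HEADER_SIZE + value_len;
    return true;
}

/* Convenience wrapper: the checked size, or 0 when the request is rejected. */
uint32_t checked_size_or_zero(uint32_t value_len) {
    uint32_t total = 0;
    return checked_alloc_size(value_len, &total) ? total : 0;
}

/* Simulated request handler: validates the caller-supplied length before any
 * allocation or copy, so the copy can never exceed the buffer. Returns 0 on
 * success, -1 when the request is rejected or allocation fails. */
int handle_request(const uint8_t *value, uint32_t value_len) {
    uint32_t total;
    if (!checked_alloc_size(value_len, &total)) {
        return -1;
    }
    uint8_t *buf = malloc(total);
    if (buf == NULL) {
        return -1;
    }
    memset(buf, 0, DEMO_HEADER_SIZE);              /* header placeholder */
    memcpy(buf + DEMO_HEADER_SIZE, value, value_len); /* fits: total >= 16 + len */
    /* ... the real service would process buf here ... */
    free(buf);
    return 0;
}

int main(void) {
    uint32_t bad = 0xFFFFFFF0u;                     /* the value cited on the page */
    printf("unchecked size for 0x%08X: %u\n", bad, unchecked_alloc_size(bad));
    printf("checked   size for 0x%08X: %u (0 = rejected)\n", bad, checked_size_or_zero(bad));
    printf("handle_request(3 bytes) -> %d\n", handle_request((const uint8_t *)"abc", 3u));
    printf("handle_request(0x%08X) -> %d\n", bad, handle_request(NULL, bad));
    return 0;
}
```

The unchecked function returns 0 for the page's example value, so a following malloc would hand back a minimal block into which the caller's bytes are then copied. The checked version refuses the same value twice over: the policy cap catches it first, and the wrap test would catch it even without a cap. Both checks matter, since a correctly computed 4 GB allocation requested by an untrusted sandboxed caller is still a resource-exhaustion problem for a SYSTEM service.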
Potential Impact
For European organizations, the impact of CVE-2025-64721 is significant, particularly for those using Sandboxie to isolate untrusted applications or processes. Successful exploitation allows attackers to escape the sandbox environment and gain SYSTEM-level privileges, leading to full control over affected Windows hosts. This can result in unauthorized access to sensitive data, disruption of critical services, and deployment of persistent malware or ransomware. Organizations in sectors such as finance, healthcare, government, and critical infrastructure, which often rely on sandboxing for endpoint security, face heightened risk. The vulnerability undermines trust in sandboxing as a security control, potentially increasing the attack surface. Additionally, the lack of required authentication or user interaction means attacks can be automated and propagated rapidly within networks. The critical nature of this vulnerability necessitates urgent remediation to prevent potential large-scale compromises and data breaches within European enterprises.
Mitigation Recommendations
To mitigate CVE-2025-64721, organizations should immediately upgrade Sandboxie installations to version 1.16.7 or later, where the vulnerability is patched. If upgrading is not immediately feasible, consider disabling or restricting access to the SbieSvc.exe service to sandboxed processes to prevent exploitation. Implement strict application whitelisting and endpoint detection and response (EDR) solutions to monitor for anomalous behavior related to sandbox escapes or unexpected SYSTEM-level process creations. Network segmentation can limit lateral movement if a host is compromised. Regularly audit and inventory systems running Sandboxie to ensure no outdated versions remain in use. Additionally, educate security teams about this vulnerability to enhance detection capabilities and incident response readiness. Finally, maintain up-to-date backups and incident response plans to mitigate potential damage from exploitation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T14:07:42.922Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693b36e922246175c6a34f05
Added to database: 12/11/2025, 9:26:01 PM
Last enriched: 12/11/2025, 9:40:58 PM
Last updated: 12/12/2025, 12:03:56 AM