Anthropic-experimental's sandbox-runtime is a lightweight OS-level sandboxing tool designed to enforce filesystem and network restrictions on arbitrary processes without relying on container technology. Prior to version 0.0.16, a vulnerability identified as CVE-2025-66479 (CWE-693: Protection Mechanism Failure) existed due to a bug in the network sandboxing logic. Specifically, if a sandbox policy did not specify any allowed domains for network access, the sandbox-runtime failed to enforce network restrictions properly, effectively allowing sandboxed code to make network requests outside the sandbox. This flaw undermines the fundamental security guarantees of the sandbox by permitting unauthorized network communications, which could be leveraged for data exfiltration or command and control communications if exploited. The vulnerability requires the attacker to have local access with high privileges (PR:H) and does not require user interaction (UI:N). The CVSS 4.0 score is low (1.8), reflecting limited impact and exploitability. No known exploits are reported in the wild. The issue was resolved in version 0.0.16 by correcting the sandbox policy enforcement logic to ensure that network restrictions are properly applied even when no allowed domains are configured. This vulnerability highlights the importance of rigorous policy validation and enforcement in sandboxing tools, especially those used to isolate potentially untrusted code.

For European organizations, the impact of this vulnerability is generally low due to the requirement for local high-privilege access and the absence of user interaction for exploitation. However, organizations relying on anthropic-experimental sandbox-runtime for isolating processes, particularly in development, testing, or security-critical environments, could face risks of unauthorized network communications from sandboxed processes. This could lead to potential data leakage or unauthorized external communications, undermining internal security controls. The vulnerability does not directly compromise system integrity or availability but weakens the sandbox's network isolation guarantees. Given the increasing use of sandboxing to secure workloads without containers, any failure in sandbox enforcement could be leveraged in multi-stage attacks or insider threat scenarios. European organizations with strict data protection requirements (e.g., GDPR) should be cautious about any unauthorized data exfiltration risks. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed to maintain a strong security posture.

1. Upgrade anthropic-experimental sandbox-runtime to version 0.0.16 or later immediately to apply the official patch that fixes the network sandbox enforcement bug. 2. Review and audit sandbox policies to ensure that network restrictions are explicitly and correctly configured, avoiding empty allowed domain lists that could trigger the vulnerability. 3. Implement strict access controls to limit who can deploy or modify sandbox policies and who can run sandboxed processes with high privileges. 4. Monitor network traffic originating from sandboxed processes for any anomalous or unauthorized connections, using network intrusion detection systems tailored to sandbox environments. 5. Employ defense-in-depth by combining sandboxing with other security controls such as endpoint detection and response (EDR) tools and application whitelisting. 6. Conduct regular security assessments and penetration tests focusing on sandbox configurations and enforcement mechanisms. 7. Educate developers and system administrators about the importance of correct sandbox policy configuration and the risks of misconfiguration.