Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/24 5:18 p.m.15 views

CVE-2025-46715

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

7.8CVSS6.7AI score0.00202EPSS
Exploits1References1
NVD
NVD
added 2025/05/22 5:15 p.m.11 views

CVE-2025-46715

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

7.8CVSS0.00202EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/22 4:46 p.m.6 views

CVE-2025-46715 Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM)

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

7.8CVSS7.5AI score0.00202EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/22 4:46 p.m.21 views

CVE-2025-46715 Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM)

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

7.8CVSS0.00202EPSS
Exploits1References1
CVE
CVE
added 2025/05/22 4:46 p.m.52 views

CVE-2025-46715

Sandboxie is affected by CVE-2025-46715 due to Api_GetSecureParam not sanitizing incoming pointers, allowing a kernel pointer to be written by GetRegValue to a chosen SBIE registry entry. This enables an attacker to dump registry contents via SbieDrv.sys on Windows systems, including low integrit...

7.8CVSS7.5AI score0.00202EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder