CVE-2025-46716 – Sandboxie Kernel Pointer Read Vulnerability

May 22, 2025

CVE ID : CVE-2025-46716

Published : May 22, 2025, 5:15 p.m. | 1 hour, 36 minutes ago

Description : Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47779 – Asterisk SIP Message Authentication Spoofing Vulnerability

Next Article CVE-2025-46715 – Sandboxie Kernel Pointer Write Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-46716 – Sandboxie Kernel Pointer Read Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

CVE-2025-5001 – GNU PSPP calloc Integer Overflow Vulnerability

Researchers at Stanford Use AI and Spatial Transcriptomics to Discover What Makes Some Cells Age Faster/Slower in the Brain

Rilasciata Grml 2025.05: La Nuova Versione Stabile della Distribuzione GNU/Linux per l’Amministrazione di Sistema

CVE-2024-46506 – NetAlertX Unauthenticated Command Injection Vulnerability

ESET APT Activity Report Q4 2024–Q1 2025

Prometheus – systems and service monitoring system

FBI Recovers 7,000 LockBit Keys, Encourages Victims to Come Forward

Why Supply Chain Automation is Necessary for Business Growth?

CVE-2025-46716 – Sandboxie Kernel Pointer Read Vulnerability

Related Posts