Notepad
CVE-2025-15556
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.
AnalysisAI
Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the WinGUp updater. The update mechanism fails to cryptographically verify downloaded metadata and installers, allowing man-in-the-middle attackers to serve malicious executables during the update process. KEV-listed, this supply chain risk affects one of the most widely used text editors on Windows.
Technical ContextAI
The WinGUp updater used by Notepad++ checks for updates and downloads installers over the network. Neither the update metadata (version check, download URL) nor the downloaded installer binary is cryptographically verified (no digital signature validation, no hash verification). An attacker in a network position to intercept or redirect HTTP/HTTPS traffic can serve a modified update manifest pointing to a malicious installer, or directly replace the installer binary during download.
RemediationAI
Update Notepad++ to 8.8.9 or later immediately. Download updates only from the official Notepad++ website. Verify installer signatures before execution. Consider deploying Notepad++ updates through centralized software management rather than auto-update.
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Ev
An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msim
Notepad++ is a free and open-source source code editor. Rated high severity (CVSS 7.8), this vulnerability is no authent
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (Ux
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode ch
String injection in Notepad++ 8.9.3 leads to memory address disclosure or application crash when processing maliciously
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). Rated medium severity (CVSS
Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe
Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe
Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe
A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. Rated medium severity (CVSS 5.5
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Rated high severity (CVSS 7.8), this vulnera
Same weakness CWE-494 – Download of Code Without Integrity Check
View allShare
External POC / Exploit Code
Leaving vuln.today