CVE-2025-49144

EUVD-2025-19601 | HIGH | CVSS 3.1 base score 7.3
Published 2025-06-23 | Assigner: [email protected]

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 22:10 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 22:10 (euvd), EUVD-2025-19601
CVE Published: Jun 23, 2025 - 19:15 (nvd), HIGH 7.3

Description

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically the Downloads folder, a user-writable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

Analysis

CVE-2025-49144 is a local privilege escalation in the Notepad++ installer for v8.8.1 and earlier. The installer resolves executables it needs through the Windows search path rather than by fully qualified name, so an unprivileged local user who can place a file with the expected name next to the installer gets that file executed with the installer's elevated privileges. In the scenario the advisory describes, the attacker uses social engineering to have the victim save both the legitimate installer and the malicious executable into the same user-writable directory (for example Downloads); when the victim runs the installer, the payload runs elevated with no further interaction. The vulnerability is fixed in version 8.8.2.

Technical Context

The record classifies the weakness as CWE-272 (Least Privilege Violation); the mechanism itself is the one CWE-427 (Uncontrolled Search Path Element) describes. When a Windows program calls CreateProcess or LoadLibrary with a file name that carries no directory, the system searches the directory the calling executable was started from before it searches the system directories. An installer launched from a user-writable folder (Downloads, Desktop, etc.) therefore resolves every bare name against that folder first, and a file planted there under the name of an expected helper executable or library is found ahead of the genuine binary under %SystemRoot%\System32. The planted file must carry the exact expected name and must be present before the installer launches the helper, which is why the attack needs the victim to download both files into the same folder (UI:R in the vector). Because the installer runs elevated after the UAC prompt, the planted code runs with the installer's elevated token; the advisory describes this as SYSTEM-level access.

The affected product is Notepad++ (CPE: cpe:2.3:a:notepad++:notepad++:*:*:*:*:*:*:*:*) versions through 8.8.1. The root cause is the installer's reliance on search-path resolution instead of fully qualified paths for the programs it launches (and, for libraries, a restricted DLL search path). Until an installation is done with 8.8.2 or later, the practical mitigation is to run the installer from a fresh, empty directory rather than from Downloads, after checking that nothing beside it shares a name with a system binary.
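The planting precondition described above can be checked before an installer is launched. The following PowerShell script is an added example for this page, not code from Notepad++ or from vuln.today: it enumerates the .exe/.dll files beside the installer whose names collide with binaries in System32 or SysWOW64, reports whether the folder is writable by an unprivileged user, shows the installer's Authenticode signature status, and optionally stages the installer into a fresh, empty directory. The script name Test-InstallerDirectory.ps1, the -Stage switch and the example installer path are this example's own assumptions.

```powershell
<#
  Pre-flight check for an installer sitting in a user-writable folder.
  Added example for this page, not Notepad++ project code. The script name
  (Test-InstallerDirectory.ps1) and the -Stage switch are this example's own.

  Usage:
    .\Test-InstallerDirectory.ps1 -InstallerPath "$env:USERPROFILE\Downloads\npp.8.8.1.Installer.x64.exe"
    .\Test-InstallerDirectory.ps1 -InstallerPath <path> -Stage
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallerPath,

    # Copy the installer into a fresh, empty directory and print that path.
    [switch]$Stage
)

$installer    = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
$installerDir = $installer.DirectoryName
$systemDirs   = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Every .exe/.dll name shipped in the system directories (case-insensitive).
# A planted file only works if it carries one of these names.
$systemNames = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
foreach ($dir in $systemDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object { [void]$systemNames.Add($_.Name) }
}

# A bare-name CreateProcess/LoadLibrary from the installer looks in the
# installer's own directory before System32, so any same-named file here
# wins over the genuine binary.
$shadowed = @(Get-ChildItem -LiteralPath $installerDir -File |
    Where-Object {
        $_.Extension -in '.exe', '.dll' -and
        $_.FullName -ne $installer.FullName -and
        $systemNames.Contains($_.Name)
    })

# Can an unprivileged user write here? Anything under the profile qualifies
# (Downloads is the page's example); so does an explicit Allow of WriteData
# to a broad group.
$acl = Get-Acl -LiteralPath $installerDir
$broadWrite = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -match '(\\|^)(Users|Authenticated Users|Everyone)$' -and
    (([int]$_.FileSystemRights -band [int][System.Security.AccessControl.FileSystemRights]::WriteData) -ne 0)
})
$userWritable = $installerDir.StartsWith($env:USERPROFILE, [System.StringComparison]::OrdinalIgnoreCase) -or
                $broadWrite.Count -gt 0

# The Authenticode signature says whether the installer itself is the vendor's
# build; it says nothing about what the installer will launch by bare name.
$sig    = Get-AuthenticodeSignature -FilePath $installer.FullName
$signer = $null
if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

[PSCustomObject]@{
    Installer        = $installer.FullName
    Directory        = $installerDir
    UserWritable     = $userWritable
    ShadowedBinaries = @($shadowed | ForEach-Object { $_.Name })
    SignatureStatus  = $sig.Status
    Signer           = $signer
}

if ($shadowed.Count -gt 0) {
    Write-Warning "Do not run $($installer.Name) from $installerDir; these files shadow system binaries:"
    foreach ($f in $shadowed) {
        Write-Warning ("  {0}  ({1} bytes, modified {2:u})" -f $f.Name, $f.Length, $f.LastWriteTime)
    }
}

if ($Stage) {
    # A freshly created directory holds nothing a bare-name lookup can hit, so
    # resolution falls through to the system directories as the installer expects.
    $stageDir = Join-Path $env:TEMP ('installer-' + [guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $stageDir | Out-Null
    Copy-Item -LiteralPath $installer.FullName -Destination $stageDir
    Write-Output "Staged copy: $(Join-Path $stageDir $installer.Name)"
}
```

Run the check from a non-elevated prompt and elevate only the staged copy. Staging removes whatever a social-engineered download placed next to the installer, but %TEMP% is still writable by the same user, so a process already running as that user could re-plant a file between the copy and the launch; treat the check as a stop-gap for unpatched installers, not a substitute for updating to 8.8.2.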

Affected Products

Notepad++ installer, version 8.8.1 and all prior versions (fixed in 8.8.2)

Priority Score

37 (components: KEV 0, EPSS +0.0, CVSS +36, POC 0)

CVE-2025-49144 vulnerability details – vuln.today