Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
DLL hijacking in Notepad2 4.2.25 allows local attackers with low privileges to achieve code execution by exploiting an uncontrolled search path vulnerability in PROPSYS.dll loading. The attack vector requires local access with high complexity (CVSS 7.3, CVSS v4.0), classified as difficult to exploit by the reporting source (VulDB). EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity, and no active exploitation or public POC has been confirmed. Vendor (Flos Freeware) did not respond to coordinated disclosure, leaving patch status uncertain.
Technical ContextAI
This vulnerability exploits CWE-427 (Uncontrolled Search Path Element), commonly known as DLL hijacking or DLL preloading. When Notepad2 4.2.25 loads the Windows system library PROPSYS.dll (Windows Property System), it searches directories in an unsafe order, potentially loading a malicious DLL from a user-writable location before the legitimate system library. PROPSYS.dll provides property schema functionality for Windows file metadata. The affected product is Flos Freeware Notepad2, a lightweight text editor fork, identified by CPE cpe:2.3:a:flos_freeware:notepad2:*:*:*:*:*:*:*:*. The CVSS vector indicates local attack vector (AV:L), high complexity (AC:H), low privileges required (PR:L), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H) with no scope change.
RemediationAI
No official vendor patch has been released, as Flos Freeware did not respond to vulnerability disclosure (per VulDB submission 774752). Users of Notepad2 4.2.25 should consider these compensating controls: First, upgrade to a maintained alternative text editor such as Notepad++ or the original Notepad2-mod fork, which has active maintenance. Second, if continued use is required, restrict application deployment to non-privileged user contexts and implement application whitelisting to prevent unauthorized DLL loading from user-writable directories (e.g., using Windows Defender Application Control or AppLocker policies blocking DLL loads outside System32/SysWOW64). Third, apply principle of least privilege by ensuring users running Notepad2 have minimal filesystem write permissions, particularly to the application directory and current working directory. Note that DLL hijacking mitigations may cause application instability if the application legitimately loads plugins or extensions from user directories. Monitor vendor channels (if they resume communication) for future security updates, though the lack of response suggests this may be an abandoned project. For detailed technical analysis, refer to VulDB entry 352372 at https://vuldb.com/?id.352372.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14299