EUVD-2026-14303
GHSA-c87r-r9gf-jq2q
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of complexity. The exploitability is said to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
A DLL search path vulnerability exists in the TextShaping.dll library component of Flos Freeware Notepad2 version 4.2.25. An authenticated local attacker with low privileges could exploit this uncontrolled search path element (CWE-427) to execute arbitrary code with elevated privileges by placing a malicious DLL in the application's search path, achieving high impact to confidentiality, integrity, and availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Notepad2 v4.2.25 and assess usage scope. Within 7 days: Implement application restrictions (disable or uninstall Notepad2) on high-risk systems, or restrict file write permissions in application directories to prevent DLL injection. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today