EUVD-2026-14299
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Flos Freeware Notepad2 version 4.2.25 contains an uncontrolled search path vulnerability (DLL hijacking) in the PROPSYS.dll library. A local attacker with low privileges could exploit this to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability, though the attack complexity is high and exploitation is considered difficult. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Notepad2 4.2.25 and restrict access to users with genuine business need. Within 7 days: Evaluate alternatives (use Windows Notepad, VS Code, or other maintained editors) and develop a migration plan. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today