Privilege Escalation in Notepad++ Installer Affects Multiple Users
CVE-2025-49144
Key Information:
- Vendor
Notepad-plus-plus
- Status
- Vendor
- CVE Published:
- 23 June 2025
Badges
What is CVE-2025-49144?
CVE-2025-49144 is a privilege escalation vulnerability found in the Notepad++ installer, particularly affecting versions 8.8.1 and earlier. Notepad++ is a widely used free and open-source source code editor that is popular among developers for its versatility and lightweight design. The vulnerability allows unprivileged users to gain SYSTEM-level privileges due to insecure executable search paths during the installation process. Attackers can exploit this flaw by leveraging social engineering techniques or clickjacking to convince users to download a legitimate Notepad++ installer alongside a malicious executable in the same directory, such as the typical Downloads folder. When users run the installer, the malicious executable can execute with elevated privileges, potentially compromising system integrity and security.
Potential Impact of CVE-2025-49144
-
Unauthorized System Access: The privilege escalation capability of this vulnerability enables attackers to gain unauthorized SYSTEM-level access. This can lead to a range of malicious activities, including installation of additional malware, data exfiltration, and complete system control.
-
Data Breaches and Compromise: Successful exploitation may expose sensitive data stored on the system, leading to data breaches. Organizations could face loss of confidential information, which can have financial impacts and damage reputations.
-
Increased Attack Surface: The vulnerability could serve as a gateway for further attacks, allowing malicious actors to move laterally within the network. This not only jeopardizes individual systems but can also threaten the security of interconnected systems and services, increasing the overall risk to the organization.
Affected Version(s)
notepad-plus-plus < 8.8.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Cyber Security Agency of SingaporeCVE-2025-49144High-Severity Vulnerability in Notepad++
Notepad++ has released security updates addressing a vulnerability affecting their product. Users and administrators of affected products are advised to...
2 weeks ago
Cyber Security Agency of SingaporeCVE-2025-49144High-Severity Vulnerability in Notepad++
Notepad++ has released security updates addressing a vulnerability affecting their product. Users and administrators of affected products are advised to...
2 weeks ago
Help Net SecurityWeek in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched - Help Net Security
Hereโs an overview of some of last weekโs most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running
2 weeks ago
References
CVSS V3.1
Timeline
- ๐ฅ
Vulnerability reached the number 1 worldwide trending spot
- ๐ก
Public PoC available
- ๐
Vulnerability started trending
- ๐พ
Exploit known to exist
- ๐ฐ
First article discovered by Red Hot Cyber
Vulnerability published
Vulnerability Reserved