Out-of-Bounds Read Vulnerability in NotepadNext by dail8859
CVE-2025-52938

5.1MEDIUM

Key Information:

Vendor: Dail8859
Status: Notepadnext
Vendor: CVE Published:; 23 June 2025

What is CVE-2025-52938?

An out-of-bounds read vulnerability exists in NotepadNext, specifically related to luaK_exp2anyregup calls in lparser.c. This weakness may lead to heap-based buffer over-reads, posing a risk for systems running untrusted Lua code. Users of NotepadNext versions up to v0.11 should address this issue promptly to maintain system security.

Affected Version(s)

NotepadNext 0

References

https://github.com/dail8859/NotepadNext/pull/756

patchthird-party-advisory

https://github.com/dail8859/NotepadNext/commit/66b8a97d9f...

patch

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2025
Vulnerability Reserved
Jun 23, 2025

Credit

TITAN Team ([email protected])