Out-of-bounds Write Vulnerability in NotepadNext by dail8859
CVE-2025-52939

9.4CRITICAL

Key Information:

Vendor: Dail8859
Status: Notepadnext
Vendor: CVE Published:; 23 June 2025

What is CVE-2025-52939?

An out-of-bounds write vulnerability has been identified in NotepadNext, located within the lua/src modules, particularly in the handling of certain program files such as ldebug.C and lvm.C. This flaw allows attackers to manipulate memory buffers, potentially leading to arbitrary code execution or application crashes. It is crucial for users of NotepadNext to apply the latest updates available to mitigate this issue effectively.

Affected Version(s)

NotepadNext 0

References

https://github.com/dail8859/NotepadNext/pull/757/files

patchthird-party-advisory

https://github.com/dail8859/NotepadNext/commit/3e928d91b8...

patch

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2025
Vulnerability Reserved
Jun 23, 2025

Credit

TITAN Team ([email protected])

Dail8859

What is CVE-2025-52939?

Affected Version(s)

References

CVSS V4

Timeline

Credit