PT-2026-5735 · Notepad++ · Notepad++

Published 2025-12-09 · Updated 2026-02-18 · CVE-2025-15556

CVSS v4.0: 7.7
Vector: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Notepad++ versions prior to 8.8.9

Description

The WinGUp updater in Notepad++ versions prior to 8.8.9 has a flaw in how it verifies the integrity of updates. Specifically, downloaded update metadata and installers are not cryptographically verified. This allows an attacker who can intercept or redirect update traffic to cause the updater to download and execute an attacker-controlled installer, leading to arbitrary code execution with the privileges of the user. This issue is actively being exploited in attacks, and has been added to CISA’s Known Exploited Vulnerabilities catalog. Attackers may use man-in-the-middle (MitM) techniques or DNS spoofing to redirect users to malicious installers, potentially deploying ransomware, malware droppers, or establishing persistent backdoors.

Recommendations

Update Notepad++ to version 8.8.9 or later.
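
The description names two unverified inputs, the update metadata and the installer. The Go sketch below is an added example, not WinGUp code and not the 8.8.9 fix: it shows the general shape of the missing check, authenticating the metadata against a key pinned in the updater and then binding the installer to the signed digest. The `Manifest` format, the Ed25519 key and `sampleUpdate` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Manifest is a hypothetical update-metadata format, not WinGUp's real one.
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the installer
}

// VerifyUpdate authenticates the metadata with a key pinned in the updater,
// then binds the installer to the signed digest. Run it only if err is nil.
func VerifyUpdate(pinned ed25519.PublicKey, rawManifest, sig, installer []byte) (*Manifest, error) {
	if !ed25519.Verify(pinned, rawManifest, sig) {
		return nil, fmt.Errorf("update metadata signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(rawManifest, &m); err != nil {
		return nil, fmt.Errorf("metadata parse: %w", err)
	}
	got := sha256.Sum256(installer)
	if hex.EncodeToString(got[:]) != strings.ToLower(m.SHA256) {
		return nil, fmt.Errorf("installer digest does not match signed metadata")
	}
	return &m, nil
}

// sampleUpdate builds a constructed signed update with a throwaway key.
func sampleUpdate() (pub ed25519.PublicKey, raw, sig, installer []byte) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	installer = []byte("constructed installer bytes")
	sum := sha256.Sum256(installer)
	raw, _ = json.Marshal(Manifest{Version: "8.8.9", SHA256: hex.EncodeToString(sum[:])})
	return pub, raw, ed25519.Sign(priv, raw), installer
}

func main() {
	pub, raw, sig, installer := sampleUpdate()
	_, ok := VerifyUpdate(pub, raw, sig, installer)
	_, bad := VerifyUpdate(pub, raw, sig, []byte("swapped installer"))
	fmt.Println("genuine:", ok, "| swapped installer:", bad)
}
```

A digest carried in unsigned metadata would not help here, because the same network position that swaps the installer can rewrite the digest; the signature over the metadata is what anchors the check.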

Related Identifiers

BDU:2025-15900
CVE-2025-15556

Affected Products

Notepad++