PT-2025-26637 · Notepad++ · Notepad++

Emperialx +2

Published 2025-06-21 · Updated 2026-02-03 · CVE-2025-49144

CVSS v3.1 7.3 High · Vector AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Notepad++ versions 8.8.1 and prior
Description: Notepad++ is a free and open-source source code editor. A local privilege escalation flaw exists in the Notepad++ installer (versions 8.8.1 and prior) because the installer invokes system executables, notably regsvr32.exe, by unqualified name rather than by absolute path. The name is therefore resolved through an insecure executable search path that includes the directory the installer is launched from, so an unprivileged attacker who can place an executable with the expected name (for example regsvr32.exe) next to the installer gets it run with SYSTEM-level privileges when the user starts the installation. An attacker could use social engineering or clickjacking to trick a user into downloading both the legitimate installer and the malicious executable into the same directory. A proof-of-concept exploit is publicly available. The issue is fixed in version 8.8.2, which calls system executables by absolute path. Some reports indicate that the 8.8.2 release was initially distributed signed with a self-signed certificate, which requires users to add that certificate to their Trusted Root CA store before the installer's signature is trusted.
Recommendations: Update to Notepad++ version 8.8.2 or later. Until the update is applied, run the installer only from a freshly created, otherwise empty directory, so that no attacker-supplied executable can sit on the search path the installer uses.
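The following is an added example, not code from the advisory or from the Notepad++ project. It models the executable search order that an unqualified name such as regsvr32.exe goes through (application directory, current directory, system directory, then PATH entries, a simplified version of the legacy Windows CreateProcess order), shows that a file planted in the installer's download folder wins that search while an absolute path into the system directory does not, and adds a pre-install check that flags files beside an installer whose names shadow system executables. The directory layout, file contents, and the watchlist of executable names are constructed for the demo and are assumptions, not data from the page.

```python
import tempfile
from pathlib import Path

# Assumption: a small watchlist of system executables an installer commonly shells out to.
WATCHLIST = {"regsvr32.exe", "rundll32.exe", "cmd.exe"}


def resolve_executable(name, app_dir, cwd, system_dir, path_dirs=()):
    """Model of how an unqualified executable name is located.

    Simplified legacy search order: the calling application's directory,
    the current working directory, the system directory, then PATH entries.
    A fully qualified name bypasses the search entirely, which is what the
    absolute-path fix in 8.8.2 relies on.
    """
    target = Path(name)
    if target.is_absolute():
        return target if target.is_file() else None
    for directory in (app_dir, cwd, system_dir, *path_dirs):
        candidate = Path(directory) / name
        if candidate.is_file():
            return candidate
    return None


def find_planted_binaries(installer_dir, system_dir, watchlist=WATCHLIST):
    """Pre-install check: files beside the installer whose (case-insensitive)
    names shadow executables that exist in the system directory."""
    system_names = {p.name.lower() for p in Path(system_dir).iterdir() if p.is_file()}
    planted = []
    for entry in Path(installer_dir).iterdir():
        lowered = entry.name.lower()
        if entry.is_file() and lowered in watchlist and lowered in system_names:
            planted.append(entry)
    return sorted(planted)


def build_layout(root):
    """Constructed on-disk layout for the demo; the files are plain text stand-ins."""
    downloads = Path(root) / "Downloads"
    system32 = Path(root) / "Windows" / "System32"
    downloads.mkdir(parents=True)
    system32.mkdir(parents=True)
    (downloads / "npp.8.8.1.Installer.exe").write_text("legit installer")
    (downloads / "regsvr32.exe").write_text("planted payload")
    (system32 / "regsvr32.exe").write_text("genuine regsvr32")
    return downloads, system32


def run_demo():
    """Return which regsvr32.exe each resolution strategy would execute,
    plus what the pre-install check reports for the download folder."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads, system32 = build_layout(tmp)
        # 8.8.1 behaviour: unqualified name, installer launched from Downloads
        vulnerable = resolve_executable("regsvr32.exe", downloads, downloads, system32)
        # 8.8.2 behaviour: absolute path into the system directory
        fixed = resolve_executable(str(system32 / "regsvr32.exe"), downloads, downloads, system32)
        planted = find_planted_binaries(downloads, system32)
        return {
            "vulnerable_runs": vulnerable.read_text(),
            "fixed_runs": fixed.read_text(),
            "planted": [p.name for p in planted],
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

On a real Windows host the same check can be run against the actual download folder and %SystemRoot%\System32 before launching any installer; a hit from find_planted_binaries means the directory should be cleaned or the installer moved to an empty directory first.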

Exploit

Fix

LPE

OS Command Injection

Command Injection

Uncontrolled Search Path Element

Incorrect Default Permissions

Related Identifiers

BDU:2025-07567
CVE-2025-49144
GHSA-9VX8-V79M-6M24

Affected Products

Notepad++