PT-2025-39673 · Notepad++ · Notepad++

Dartraiden · Published 2025-09-26 · Updated 2026-03-10 · CVE-2025-56383

CVSS v3.1: 8.4 High (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions
Notepad++ versions 8.8.3 and earlier

Description
Notepad++ version 8.8.3 contains a DLL hijacking flaw. This allows an attacker to replace original DLL files, such as NppExport.dll, with malicious versions, leading to arbitrary code execution. The attack occurs when a malicious DLL is placed in the plugin directory. The flaw could impact millions of users, with some reports indicating approximately 28 million potentially affected. A proof-of-concept exploit is publicly available. The vulnerability allows for local code execution, potentially enabling malware persistence across system reboots. The attacker can modify the application's behavior while maintaining its typical appearance to users. The malicious DLL executes in the background, allowing attackers to manipulate the system with the same permissions as the user running Notepad++.

Recommendations
Update to a patched version when available. As a temporary workaround, consider restricting write access to the Notepad++ plugin directory. Avoid downloading Notepad++ from unofficial sources.
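
One way to verify the write-access workaround, as an added example that is not part of the original advisory: the script lists every non-administrative principal that can create or replace files in the plugin directory tree, then records a hash baseline of the DLLs found there. `$PluginDir` is supplied by the reader because the advisory does not state the path, and the list of trusted SIDs is an assumption to adjust for the environment.

```powershell
# Added example: audit the plugin-directory workaround. $PluginDir is supplied by the reader.
param(
    [Parameter(Mandatory)]
    [string]$PluginDir
)

# Rights that let a principal plant or replace a DLL (read/execute bits excluded).
$writeRights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# ACEs can also carry raw GENERIC_WRITE (0x40000000) or GENERIC_ALL (0x10000000).
$mask = [int]$writeRights -bor 0x50000000

# Assumption: only these principals are expected to hold write access.
$trusted = @(
    'S-1-5-18',       # SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER (applies only to whoever created the object)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$dirs = @(Get-Item -LiteralPath $PluginDir) +
        @(Get-ChildItem -LiteralPath $PluginDir -Recurse -Directory)

$findings = foreach ($dir in $dirs) {
    foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { $sid = $ace.IdentityReference.Value }
        if ($trusted -contains $sid) { continue }
        [pscustomobject]@{
            Path = $dir.FullName; Identity = $ace.IdentityReference.Value
            Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No non-administrative write access found on the plugin directory tree.' }

# Baseline of the DLLs in the plugin tree, for later comparison.
Get-ChildItem -LiteralPath $PluginDir -Recurse -Filter *.dll | ForEach-Object {
    [pscustomobject]@{
        File      = $_.FullName
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        LastWrite = $_.LastWriteTimeUtc
        Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
    }
} | Format-Table -AutoSize
```

Any row in the first table is a principal that could replace a plugin DLL; a changed hash or write time against a saved baseline is the signal to investigate, since an unsigned plugin is not by itself evidence of tampering.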

Exploit

Fix

LPE

RCE

Command Injection

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2025-12431
CVE-2025-56383

Affected Products

Notepad++