PT-2026-5735 · Notepad++ · Notepad++
Published 2025-12-09 · Updated 2026-03-10 · CVE-2025-15556
CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Notepad++ versions prior to 8.8.9
Description
The Notepad++ WinGUp updater has a flaw in how it verifies the integrity of updates. This allows an attacker who can intercept or redirect update traffic to cause the updater to download and execute a malicious installer, leading to arbitrary code execution with the privileges of the user. This issue has been actively exploited in attacks, as highlighted by CISA. The vulnerability stems from a lack of cryptographic verification of downloaded update metadata and installers. Attackers could potentially use man-in-the-middle (MitM) techniques or DNS spoofing to redirect users to rogue update servers and deliver trojanized installers.
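The root cause named above is the absence of cryptographic verification on the update manifest and the installer it points to. The following is an added illustration of the kind of check that closes that gap; it is not Notepad++ or WinGUp code, and the manifest field names, the sentinel errors, the sample installer bytes and the download URL are all constructed for this example. A public key pinned in the client signs the manifest with Ed25519, the manifest carries the SHA-256 of the installer, and the client refuses to run anything whose manifest signature or installer digest does not check out, so controlling the transport (MitM, DNS spoofing, a rogue update server) is no longer enough to deliver a trojanized installer.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// UpdateMetadata is a hypothetical update manifest. The field names are
// assumptions for this example, not WinGUp's real format.
type UpdateMetadata struct {
	Version      string `json:"version"`
	DownloadURL  string `json:"download_url"`
	InstallerSHA string `json:"installer_sha256"` // hex SHA-256 of the installer
}

var (
	ErrBadMetadataSignature  = errors.New("update metadata signature invalid")
	ErrInstallerHashMismatch = errors.New("installer hash does not match signed metadata")
)

// BuildMetadata is a vendor-side step: compute the installer digest that gets
// embedded in the manifest before it is signed.
func BuildMetadata(version, url string, installer []byte) UpdateMetadata {
	sum := sha256.Sum256(installer)
	return UpdateMetadata{Version: version, DownloadURL: url, InstallerSHA: hex.EncodeToString(sum[:])}
}

// SignMetadata is also vendor-side (release time, never in the client):
// serialize the manifest and sign the exact bytes that will be published.
func SignMetadata(priv ed25519.PrivateKey, meta UpdateMetadata) (payload, sig []byte, err error) {
	payload, err = json.Marshal(meta)
	if err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// VerifyUpdate is the client-side check. pinnedPub is compiled into the
// client, so an attacker who controls the network or the update host cannot
// produce a manifest the client accepts, and the signed digest binds the
// installer bytes to that manifest.
func VerifyUpdate(pinnedPub ed25519.PublicKey, payload, sig, installer []byte) (UpdateMetadata, error) {
	var meta UpdateMetadata
	// Verify the signature over the raw bytes before trusting any field.
	if !ed25519.Verify(pinnedPub, payload, sig) {
		return meta, ErrBadMetadataSignature
	}
	if err := json.Unmarshal(payload, &meta); err != nil {
		return meta, err
	}
	want, err := hex.DecodeString(meta.InstallerSHA)
	sum := sha256.Sum256(installer)
	if err != nil || !bytes.Equal(sum[:], want) {
		return meta, ErrInstallerHashMismatch
	}
	return meta, nil
}

// ScenarioResult records the outcome of the three checks in DemoScenario.
type ScenarioResult struct {
	Genuine, TamperedInstaller, TamperedMetadata error
}

// DemoScenario exercises a genuine update and two on-path tampering variants
// against a freshly generated vendor key. All inputs are constructed.
func DemoScenario() (ScenarioResult, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ScenarioResult{}, err
	}
	genuine := []byte("constructed: genuine installer bytes 8.8.9")
	trojan := []byte("constructed: trojanized installer bytes")
	meta := BuildMetadata("8.8.9", "https://updates.example.invalid/npp.exe", genuine)
	payload, sig, err := SignMetadata(priv, meta)
	if err != nil {
		return ScenarioResult{}, err
	}
	var r ScenarioResult
	_, r.Genuine = VerifyUpdate(pub, payload, sig, genuine)
	// Installer swapped in transit; the signed digest still describes the genuine file.
	_, r.TamperedInstaller = VerifyUpdate(pub, payload, sig, trojan)
	// Manifest rewritten to carry the trojan's digest; the vendor signature no longer matches.
	evilPayload, _ := json.Marshal(BuildMetadata("8.8.9", meta.DownloadURL, trojan))
	_, r.TamperedMetadata = VerifyUpdate(pub, evilPayload, sig, trojan)
	return r, nil
}

func main() {
	r, err := DemoScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", r.Genuine)
	fmt.Println("tampered installer:", r.TamperedInstaller)
	fmt.Println("tampered metadata:", r.TamperedMetadata)
}
```

The ordering matters: the signature is checked over the raw manifest bytes before any field is parsed or the download URL is followed, and the installer digest is compared against the signed value rather than against anything served alongside the file. A TLS-only updater that skips these steps is exactly the situation the advisory describes, since TLS protects the channel but not the contents once an attacker can redirect the client to a server they control.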
Recommendations
Versions prior to 8.8.9 should be updated to version 8.8.9 or later.
Fix
Related Identifiers
Affected Products
Notepad++