Severe Notepad++ Flaw Allows Attackers to Seize Full System Control – PoC Released

Posted: Thu Jun 26, 2025 3:10 pm
by Shane1145

A severe privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 allows attackers to gain SYSTEM-level privileges through insecure executable search paths.

The flaw, classified as “High” severity, exploits the installer’s uncontrolled search for dependencies in the current working directory.

Attackers can plant malicious executables (e.g., regsvr32.exe) in the same directory as the installer, triggering automatic execution with elevated privileges upon installation.

https://cyberpress.org/severe-notepad-flaw/
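
A defender-side check for the condition described in the post, added here as an example (not code from the post, the linked article or the Notepad++ project): it flags files sitting beside an installer whose names collide with Windows system binaries. It goes beyond the single regsvr32.exe case; the name list, the installer-name heuristic and the sample folder are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: small sample of names that normally resolve to System32 binaries.
# On a real host, build this set from the System32 directory listing.
SYSTEM_BINARY_NAMES = frozenset({
    "regsvr32.exe", "rundll32.exe", "msiexec.exe", "cmd.exe", "powershell.exe",
})
# Assumption: installers are recognised by these substrings in the file name.
INSTALLER_HINTS = ("installer", "setup")


def audit_directory(directory, system_names=SYSTEM_BINARY_NAMES):
    """Report installers and files beside them that shadow system binaries."""
    installers, shadows = [], []
    for entry in sorted(Path(directory).iterdir()):
        if not entry.is_file():
            continue
        name = entry.name.lower()  # Windows file names are case-insensitive
        if name in system_names:
            shadows.append(entry.name)
        elif name.endswith(".exe") and any(h in name for h in INSTALLER_HINTS):
            installers.append(entry.name)
    # A shadowing binary only matters here when an installer could pick it up.
    at_risk = bool(installers and shadows)
    return {"installers": installers, "shadows": shadows, "at_risk": at_risk}


def build_sample_directory(root, planted):
    """Create a constructed download folder; files are empty placeholders."""
    folder = Path(root)
    (folder / "example-editor-Installer.x64.exe").touch()
    (folder / "notes.txt").touch()
    if planted:
        (folder / "RegSvr32.EXE").touch()  # mixed case on purpose
    return folder


def demo():
    """Audit a clean and a tampered constructed folder and return both reports."""
    results = {}
    for label, planted in (("clean", False), ("planted", True)):
        with tempfile.TemporaryDirectory() as tmp:
            results[label] = audit_directory(build_sample_directory(tmp, planted))
    return results


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```

Running an installer from a fresh, empty directory removes the condition this check looks for.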