
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-49144 is a high-severity local privilege escalation vulnerability in the Notepad++ installer, affecting versions 8.8.1 and earlier. An unprivileged user who can control where the installer looks for the executables it launches can have the elevated installer run attacker-supplied code with SYSTEM privileges. The flaw was found by security researchers Shashi Raj, Yatharth Tyagi, and Kunal Choudhary and was privately disclosed to Notepad++ developer Don Ho (Help Net Security).
The root cause is an uncontrolled EXE/DLL search path. The installer invokes a helper executable by bare name rather than by absolute path, and Windows resolves such a name by searching the application's own directory and the caller's current working directory before the system directories. When a user launches the installer from a user-writable location such as the Downloads folder, an executable of the same name planted there is picked up first and runs under the installer's elevated token, with no path or signature check in between. The flaw carries a CVSS v3.1 base score of 7.3 (High) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H: the attacker needs local access with low privileges and a user must run the installer, but the result is a full loss of confidentiality, integrity and availability. Three CWE categories are assigned: CWE-276 (Incorrect Default Permissions), CWE-272 (Least Privilege Violation), and CWE-427 (Uncontrolled Search Path Element) (GBHackers).
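The following PowerShell is an added illustration and not code from the Notepad++ installer. It models the lookup Windows performs for an executable name given without a path (the documented CreateProcess order: the application's directory, the caller's current directory, System32, System, the Windows directory, then PATH) and places it next to the hardened form the fix describes, an absolute path that no user-writable directory can influence. The name where.exe is only a stand-in for whichever system tool the installer actually calls; the advisory text on this page does not name it, and the planted file is an empty placeholder that is never executed.

```powershell
# Added example (not Notepad++ code). Models why a bare executable name is unsafe in an
# elevated installer and what the absolute-path fix changes. 'where.exe' is a stand-in.

function Resolve-LaunchTarget {
    # Mirrors the documented CreateProcess search order for a name with no path.
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$ApplicationDirectory = (Get-Location).Path,
        [string]$CurrentDirectory = (Get-Location).Path
    )
    $dirs = @(
        $ApplicationDirectory,
        $CurrentDirectory,
        (Join-Path $env:SystemRoot 'System32'),
        (Join-Path $env:SystemRoot 'System'),
        $env:SystemRoot
    ) + @($env:Path -split ';' | Where-Object { $_ })
    foreach ($dir in $dirs) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $null
}

function Get-SystemExecutable {
    # Hardened form: reject anything that is not a bare file name, anchor it under
    # System32 and insist the file exists. No caller-controlled directory is consulted.
    param([Parameter(Mandatory)][string]$Name)
    if ($Name -ne [IO.Path]::GetFileName($Name)) {
        throw "Executable name must not contain a path: $Name"
    }
    $full = Join-Path $env:SystemRoot "System32\$Name"
    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
        throw "Expected system executable is missing: $full"
    }
    return $full
}

# Constructed scenario: a user-writable 'Downloads' directory holding a same-named file.
$downloads = Join-Path ([IO.Path]::GetTempPath()) 'planting-demo'
New-Item -ItemType Directory -Path $downloads -Force | Out-Null
New-Item -ItemType File -Path (Join-Path $downloads 'where.exe') -Force | Out-Null

# Vulnerable pattern: the installer was launched from Downloads, so both the
# application directory and the current directory point there and win the lookup.
Resolve-LaunchTarget -Name 'where.exe' -ApplicationDirectory $downloads -CurrentDirectory $downloads

# Hardened pattern: the lookup never leaves System32.
Get-SystemExecutable -Name 'where.exe'

Remove-Item -Recurse -Force $downloads
```

Run as-is, the first call returns the planted file under the temporary directory and the second returns the copy in System32. Note that Resolve-LaunchTarget only reports what would be chosen; it does not start anything. The hardened helper deliberately throws rather than falling back to a search when the expected file is absent, since a silent fallback would reopen the same hole.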
Successful exploitation gives the attacker complete control of the host, with the trusted installer acting as the vehicle for the malicious code (the sources describe this as a supply-chain attack). From SYSTEM, an attacker can steal sensitive data, install persistent malware, and pivot to other systems on the network. Notepad++'s widespread adoption in corporate environments amplifies the severity, since the same installer is run on many endpoints, potentially leading to data breaches and complete system compromise (Cyber Security News).
Notepad++ fixed the issue in version 8.8.2 by launching its executable dependencies through absolute, verified paths instead of relying on the Windows search order, so the directory the installer is run from no longer takes part in the lookup. Users are strongly advised to update immediately. Because of problems with the project's code-signing certificate, the 8.8.2 release is not Authenticode-signed; GPG signatures are provided instead, so the download should be checked against its GPG signature rather than trusted on sight or judged by the absence of a publisher signature. Download only from the official Notepad++ site. Because the flaw is in the installer rather than in the installed program, also remove cached copies of 8.8.1-and-earlier installers from Downloads folders and deployment shares, and launch installers from a directory that unprivileged users cannot write to (Help Net Security).
The security community has stressed the seriousness of this vulnerability, particularly given Notepad++'s popularity among developers and IT professionals. The researchers asked for the advisory details to be temporarily redacted so the flaw could not be weaponized before patches were widely deployed, a coordinated-disclosure approach that balances public awareness with security (Help Net Security).
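As an added example that is not Notepad++ project code, the PowerShell below covers the two checks the remediation guidance above calls for: an inventory of installed Notepad++ versions against the fixed 8.8.2 release, and verification of a downloaded installer that, as the page notes, carries a GPG signature but no Authenticode signature. The registry locations are the standard Windows Uninstall keys; the installer and .sig file names passed to Test-ReleaseSignature are placeholders for whatever you downloaded from the official site, and the project's public key is assumed to be already imported into your gpg keyring.

```powershell
# Added example (not Notepad++ code): patch inventory and download verification.

function Get-NotepadPlusPlusInstall {
    # Notepad++ registers under the per-machine (64-bit and 32-bit views) or
    # per-user Uninstall keys depending on how it was installed.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Notepad++*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-NotepadPlusPlusPatched {
    # Compares each installed version with the first fixed release (8.8.2).
    param([version]$FixedVersion = '8.8.2')
    foreach ($install in Get-NotepadPlusPlusInstall) {
        $installed = [version]$install.DisplayVersion
        [pscustomobject]@{
            DisplayName = $install.DisplayName
            Version     = $installed
            Patched     = ($installed -ge $FixedVersion)
            Location    = $install.InstallLocation
        }
    }
}

function Test-ReleaseSignature {
    # 8.8.2 has no Authenticode signature, so Get-AuthenticodeSignature reports
    # NotSigned; that is expected for this release and is not evidence of tampering.
    # The detached GPG signature is the check that matters. Requires gpg on PATH and
    # the project's public key in the keyring.
    param(
        [Parameter(Mandatory)][string]$InstallerPath,
        [Parameter(Mandatory)][string]$SignaturePath
    )
    $authenticode = (Get-AuthenticodeSignature -FilePath $InstallerPath).Status
    & gpg --verify $SignaturePath $InstallerPath 2>&1 | Out-Null
    [pscustomobject]@{
        Installer    = $InstallerPath
        Authenticode = $authenticode
        GpgVerified  = ($LASTEXITCODE -eq 0)
    }
}

Test-NotepadPlusPlusPatched
# Placeholder file names; substitute the installer and .sig you actually downloaded:
# Test-ReleaseSignature -InstallerPath .\npp.installer.exe -SignaturePath .\npp.installer.exe.sig
```

Test-NotepadPlusPlusPatched reports only what is installed; it says nothing about stale installer copies, which remain the actual vector. Treat a GpgVerified value of $false as a hard stop, and do not run an installer on the strength of an Authenticode status alone, since the fixed release will show NotSigned either way.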
Source: This report was generated using AI