A critical vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 allows attackers to escalate privileges to SYSTEM, risking full system control through a supply-chain attack. Immediate updating to version 8.8.2 is essential to mitigate this high-severity threat. #Notepad++ #CVE-2025-49144
Keypoints
- The vulnerability arises from insecure search paths in the Notepad++ installer.
- Attackers can execute malicious binaries with SYSTEM privileges by placing them in accessible directories.
- Exploitation involves placing malicious files and then running the installer, leading to privilege escalation.
- PoC materials demonstrate attackers can steal data, install malware, and move laterally within networks.
- The patched version v8.8.2 secures dependency paths and follows best practices to prevent future exploits.
Read More: https://gbhackers.com/notepad-vulnerability/