vulnerability

NotepadPlusPlus: CVE-2025-56383: Uncontrolled Search Path Element

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Sep 26, 2025	Oct 13, 2025	Oct 13, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Sep 26, 2025

Added

Oct 13, 2025

Modified

Oct 13, 2025

Description

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users.

Solution

notepadplusplus-notepadplusplus-upgrade-latest

References

CWE-427
CVE-2025-56383
https://attackerkb.com/topics/CVE-2025-56383
URL-https://github.com/notepad-plus-plus/notepad-plus-plus
URL-https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept
URL-https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept/issues/1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today