CVE-2025-15556
moderate-risk
Published 2026-02-03
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.
Do I need to act?
6.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High
NETWORK / HIGH complexity
Affected Products (1)
Notepad++
Affected Vendors
References (7)
Third Party Advisory
https://www.vulncheck.com/advisories/notepad-plus-plus-wingup-updater-lacks-upda...
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
43 / 100
moderate-risk
Severity
22/34 · High
Exploitability
16/34 · Moderate
Exposure
5/34 · Minimal