7.3
HIGH
CVE-2025-49144
Notepad++ Privilege Escalation Vulnerability
Description

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

INFO

Published Date :

June 23, 2025, 7:15 p.m.

Last Modified :

June 23, 2025, 8:16 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.3
Public PoC/Exploit Available at Github

CVE-2025-49144 has a 13 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-49144 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Notepad-plus-plus notepad\+\+
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-49144.

URL Resource
https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn
https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30
https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
GiZcesi/HJregsvr32

None

C Python

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : July 2, 2025, 5:44 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
timsonner/CVE-2025-49144-Research

None

C#

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : July 2, 2025, 4:03 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
b0ySie7e/Notepad-8.8.1_CVE-2025-49144

Proof of Concept (PoC) that exploits the CVE-2025-49144 vulnerability in the Notepad++ 8.8.1 installer.

Python

Updated: 2 weeks ago
2 stars 0 fork 0 watcher
Born at : June 29, 2025, 12:11 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
65-75-65-83-72/65-75-65-83-72.github.io

Discover the CVE-2025-49144 vulnerability in Notepad++ installers. This PoC highlights local privilege escalation risks. 🛠️🔍

Updated: 2 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : June 28, 2025, 2:39 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
65-75-65-83-72/CVE-2025-49144_PoC

Discover CVE-2025-49144, a local privilege escalation flaw in Notepad++ installers. Learn how attackers exploit this vulnerability. 🐙🔍

cve-2025-49144 cybersecurity-education kali-linux notepad-plus-plus windows

C

Updated: 2 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : June 28, 2025, 2:38 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
tristanvandermeer/CVE-2025-49144-Test

A test attack for CVE-2025-49144

Updated: 4 days, 22 hours ago
0 stars 0 fork 0 watcher
Born at : June 26, 2025, 8:34 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
assad12341/notepad-v8.8.1-LPE-CVE-

CVE-2025-49144 * Notepad++ v8.8.1 * SYSTEM-level POC

Updated: 2 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : June 26, 2025, 6:17 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
TheTorjanCaptain/CVE-2025-49144_PoC

CVE-2025-49144 PoC for security researchers to test and try.

cve-2025-49144 cybersecurity-education kali-linux notepad-plus-plus windows

C

Updated: 5 days, 15 hours ago
56 stars 20 fork 20 watcher
Born at : June 25, 2025, 7:23 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Vr00mm/CVE-2025-49144

PoC CVE-2025-49144

Go C

Updated: 2 weeks ago
1 stars 0 fork 0 watcher
Born at : June 24, 2025, 4:01 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
plzheheplztrying/cve_monitor

None

HTML Python Shell

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : Feb. 13, 2025, 8:50 a.m. This repo has been linked 890 different CVEs too.
Profile Photo
0xMarcio/cve

Latest CVEs with their Proof of Concept exploits.

Python

Updated: 2 days, 13 hours ago
72 stars 9 fork 9 watcher
Born at : May 24, 2024, 11:02 a.m. This repo has been linked 82 different CVEs too.
Profile Photo
GhostTroops/TOP

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

bugbounty cve exp exploit payload poc rce vulnerability

Shell

Updated: 3 days ago
700 stars 120 fork 120 watcher
Born at : March 19, 2022, 1:54 a.m. This repo has been linked 285 different CVEs too.
Profile Photo
nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 2 days, 13 hours ago
7078 stars 1188 fork 1188 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 809 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-49144 vulnerability anywhere in the article.

  • Help Net Security
Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running Linux SecurityScorecard’s STRIKE team has uncov ... Read more

Published Date: Jun 29, 2025 (2 weeks, 1 day ago)
CVE-2025-49144 CVE-2025-6218 CVE-2025-5777
  • TheCyberThrone
Cisco ISE Vulnerabilities June 2025

Skip to contentCisco has disclosed three major security vulnerabilities in its Identity Services Engine (ISE) and ISE-PIC platforms. Two of them are critical remote code execution (RCE) flaws that can ... Read more

Published Date: Jun 27, 2025 (2 weeks, 3 days ago)
CVE-2025-20282 CVE-2025-20281 CVE-2025-20264 CVE-2025-49144 CVE-2024-20399
  • TheCyberThrone
CISA Catalog Update-June 25, 2025

Skip to content🔍 Executive SummaryThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent update to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting three ... Read more

Published Date: Jun 26, 2025 (2 weeks, 5 days ago)
CVE-2025-49144 CVE-2024-54085 CVE-2024-0769 CVE-2019-6693
  • TheCyberThrone
CVE-2025-49144 Privilege Escalation via Notepad++ Installer

Skip to content🛑 OverviewCVE-2025-49144 is a high-severity local privilege escalation vulnerability identified in Notepad++ versions 8.8.1 and earlier. The flaw stems from an insecure executable loadi ... Read more

Published Date: Jun 26, 2025 (2 weeks, 5 days ago)
CVE-2025-49144
  • Help Net Security
Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is cu ... Read more

Published Date: Jun 25, 2025 (2 weeks, 5 days ago)
CVE-2025-49144
  • Cyber Security News
Notepad++ Vulnerability Let Attacker Gains Complete System Control – PoC Released

A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise. The flaw, designated CVE-202 ... Read more

Published Date: Jun 24, 2025 (2 weeks, 6 days ago)
CVE-2025-49144 CVE-2023-47452 CVE-2023-6401

The following table lists the changes that have been made to the CVE-2025-49144 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jun. 23, 2025

    Action Type Old Value New Value
    Added Description Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
    Added CWE CWE-427
    Added CWE CWE-272
    Added CWE CWE-276
    Added Reference https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn
    Added Reference https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30
    Added Reference https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Jul. 15, 2025 2:15