Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-49144
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
Source: NVD (National Vulnerability Database)
Vulnerability Description
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
最小特权原则违背
Source: NVD (National Vulnerability Database)
Vulnerability Title
Notepad++ 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Notepad++是中国台湾侯今吾(Don Ho)个人开发者的一款开源的纯文本编辑器。 Notepad++ 8.8.1及之前版本存在安全漏洞,该漏洞源于安装程序存在不安全可执行文件搜索路径导致权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
notepad-plus-plusnotepad-plus-plus < 8.8.2 -
II. Public POCs for CVE-2025-49144
#POC DescriptionSource LinkShenlong Link
1PoC CVE-2025-49144 https://github.com/Vr00mm/CVE-2025-49144POC Details
2CVE-2025-49144 PoC for security researchers to test and try.https://github.com/TheTorjanCaptain/CVE-2025-49144_PoCPOC Details
3CVE-2025-49144 * Notepad++ v8.8.1 * SYSTEM-level POChttps://github.com/assad12341/notepad-v8.8.1-LPE-CVE-POC Details
4A test attack for CVE-2025-49144https://github.com/tristanvandermeer/CVE-2025-49144-TestPOC Details
5Proof of Concept (PoC) that exploits the CVE-2025-49144 vulnerability in the Notepad++ 8.8.1 installer. https://github.com/b0ySie7e/Notepad-8.8.1_CVE-2025-49144POC Details
6Nonehttps://github.com/timsonner/CVE-2025-49144-ResearchPOC Details
7Notepad++ Privilege Escalationhttps://github.com/0xCZR1/cve-2025-49144POC Details
8Nonehttps://github.com/onniio/CVE-2025-49144POC Details
9Nonehttps://github.com/ammarm0010/CVE-2025-49144_PoCPOC Details
10This is my reproduce PoC for CVE-2025-49144https://github.com/havertz2110/CVE-2025-49144POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-49144
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: notepad-plus-plus
Same vendor: notepad-plus-plus
Same weakness: CWE-272
V. Comments for CVE-2025-49144

No comments yet

Leave a comment