Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2025-56383

CVE-2025-56383

8.4

High

Published:26 Sep 2025

Last updated:17 Jun 2026

Source:cve@mitre.org

Deferred

Weakness (CWE)

CWE-427CWE-427

CVSS Vector

v3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users.

References

cve@mitre.org

https://github.com/notepad-plus-plus/notepad-plus-plus

cve@mitre.org

https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept

cve@mitre.org

https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept/issues/1

cve@mitre.org

https://www.vicarius.io/vsociety/posts/cve-2025-56383-detect-notepad-vulnerability

cve@mitre.org

https://www.vicarius.io/vsociety/posts/cve-2025-56383-mitigate-notepad-vulnerability