{"id":39491,"date":"2026-02-03T14:02:50","date_gmt":"2026-02-03T19:02:50","guid":{"rendered":"https:\/\/www.yorku.ca\/uit\/?p=39491"},"modified":"2026-02-03T14:03:19","modified_gmt":"2026-02-03T19:03:19","slug":"notepad-vulnerability-cve-2025-15556","status":"publish","type":"post","link":"https:\/\/www.yorku.ca\/uit\/2026\/02\/notepad-vulnerability-cve-2025-15556\/","title":{"rendered":"Notepad ++ Vulnerability (CVE-2025-15556)"},"content":{"rendered":"
\n
\n
\n

 <\/o:p><\/span><\/p>\n

\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n\n\n
\n

\"A<\/span><\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

Information Security Advisory<\/span><\/b><\/o:p><\/span><\/span><\/p>\n


A recently discovered Notepad++ vulnerability (CVE\u20112025\u201115556) allows attackers to execute arbitrary code by exploiting insecure update integrity verification.<\/o:p><\/span><\/p>\n

Severity level<\/span><\/b> 
<\/span><\/b>CVSS Score: 7.7\/high

Description<\/b>:
Notepad++ is a free and open-source source code editor. A vulnerability exists in Notepad++ versions prior to 8.8.9 involving the WinGUp updater, which fails to cryptographically verify downloaded update metadata and installer files. An attacker who can intercept or redirect update traffic may fraudulently supply a malicious installer that the updater will download and run. This can result in arbitrary code execution with the privileges of the user, potentially compromising the system. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory. 
<\/span>
Affected Versions<\/b><\/span>:
<\/span><\/b>All versions prior to 8.8.9.

Impact:
<\/b>Successful exploitation enables attackers to execute arbitrary code potentially leading to compromise of affected systems.
<\/span>
Resolution:
<\/span><\/b>Update to the version 8.8.9 or later.<\/span><\/o:p><\/span><\/p>\n

Reference:<\/span><\/b><\/span><\/o:p><\/span><\/b><\/span><\/p>\n

https:\/\/notepad-plus-plus.org\/news\/hijacked-incident-info-update\/<\/span><\/a><\/o:p><\/span><\/span><\/p>\n

https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-15556<\/span><\/a><\/o:p><\/span><\/span><\/p>\n

https:\/\/www.tenable.com\/cve\/CVE-2025-15556<\/span><\/a><\/o:p><\/span><\/span><\/p>\n

https:\/\/www.tenable.com\/blog\/frequently-asked-questions-about-notepad-supply-chain-compromise<\/span><\/a><\/o:p><\/span><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

<\/p>\n

Information Security<\/span> <\/o:p><\/span><\/p>\n

<\/p>\n

Contact <\/span><\/b><\/o:p><\/span><\/p>\n

IT Client Services at <\/span>askIT@yorku.ca<\/a><\/span><\/a> or 416 736 5800 <\/o:p><\/span><\/span><\/p>\n<\/td>\n<\/tr>\n

\n

 <\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n

\n\n\n\n
\n\n\n\n\n
\n

 <\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n

\n\n\n\n
\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n

PRIVACY POLICY<\/span><\/a> | <\/span>VISIT WWW.YORKU.CA<\/span><\/a>
This email was sent by: ¿ì²¥ÊÓƵ, 4700 Keele Street, Toronto, Ontario M3J 1P3<\/b> <\/span><\/o:p><\/span><\/p>\n

This email is viewed best in Microsoft Outlook for web <\/span><\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p><\/div>\n<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    Information Security Advisory A recently discovered Notepad++ vulnerability (CVE\u20112025\u201115556) allows attackers to execute arbitrary code by exploiting insecure update integrity verification. Severity level  CVSS Score: 7.7\/high Description: Notepad++ is a free and open-source source code editor. A vulnerability exists in Notepad++ versions prior to 8.8.9 involving the WinGUp updater, which fails to cryptographically […]<\/p>\n","protected":false},"author":212,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","footnotes":""},"categories":[29],"tags":[],"class_list":["post-39491","post","type-post","status-publish","format-standard","hentry","category-news"],"taxonomy_info":{"category":[{"value":29,"label":"News"}]},"featured_image_src_large":false,"author_info":{"display_name":"aalaily","author_link":"https:\/\/www.yorku.ca\/uit\/author\/aalaily\/"},"comment_info":"","category_info":[{"term_id":29,"name":"News","slug":"news","term_group":0,"term_taxonomy_id":3,"taxonomy":"category","description":"","parent":0,"count":485,"filter":"raw","cat_ID":29,"category_count":485,"category_description":"","cat_name":"News","category_nicename":"news","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts\/39491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/users\/212"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/comments?post=39491"}],"version-history":[{"count":0,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts\/39491\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/media?parent=39491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/categories?post=39491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/tags?post=39491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}