    Security of Legacy Notepad++ Versions (CVE-2025-49144)

    • Bhaalthazar

      Hello,

      With the recent disclosure of CVE-2025-49144, which affects Notepad++ versions prior to 8.8.2, and the availability of a public exploit, I was wondering if there has been any discussion or plan regarding patching older vulnerable versions or restricting access to outdated installers from official sources to help protect users who might unknowingly download them.

      Has anyone seen any official communication or thoughts from the development team on this?

      Thanks in advance for any insights!

      Best regards,

      • mkupper @Bhaalthazar

        @Bhaalthazar, I personally think the vulnerability is minor. It either depends on people downloading a Notepad++ update from somewhere other than the official Notepad++ site or it depends on a potential victim’s machine to already be infected with a virus that in turn needs to jump through an elaborate set of hoops to take advantage of the CVE-2025-49144 vulnerability.

        • Mark Olson @Bhaalthazar

          @Bhaalthazar said in Security of Legacy Notepad++ Versions (CVE-2025-49144):

          patching older vulnerable versions

          I can’t comment on the rest of what you said, but I can confidently state that the Notepad++ developers do not release patches on older versions of Notepad++; they only issue new versions. If a user needs a version of Notepad++ that includes a fix to an old bug, their only option is to update to a newer version.

          This has always been the case and I see no reason to expect that it will ever change, because Notepad++ does not have nearly enough regular contributors (nor do those contributors have enough time) to manage multiple versions simultaneously.
