    Security of Legacy Notepad++ Versions (CVE-2025-49144)

    • Bhaalthazar

      Hello,

      With the recent disclosure of CVE-2025-49144, which affects Notepad++ versions prior to 8.8.2, and the availability of a public exploit, I was wondering if there has been any discussion or plan regarding patching older vulnerable versions or restricting access to outdated installers from official sources to help protect users who might unknowingly download them.

      Has anyone seen any official communication or thoughts from the development team on this?

      Thanks in advance for any insights!

      Best regards,

      • mkupper @Bhaalthazar

        @Bhaalthazar, I personally think the vulnerability is minor. It either depends on people downloading a Notepad++ update from somewhere other than the official Notepad++ site or it depends on a potential victim’s machine to already be infected with a virus that in turn needs to jump through an elaborate set of hoops to take advantage of the CVE-2025-49144 vulnerability.

        • Mark Olson @Bhaalthazar

          @Bhaalthazar said in Security of Legacy Notepad++ Versions (CVE-2025-49144):

          patching older vulnerable versions

          I can’t comment on the rest of what you said, but I can confidently state that the Notepad++ developers do not release patches on older versions of Notepad++; they only issue new versions. If a user needs a version of Notepad++ that includes a fix to an old bug, their only option is to update to a newer version.

          This has always been the case and I see no reason to expect that it will ever change, because Notepad++ does not have nearly enough regular contributors (nor do those contributors have enough time) to manage multiple versions simultaneously.

          • Bhaalthazar

            @mkupper & @Mark-Olson, thanks a lot for your reply, that cleared things up.

            • xomx @Bhaalthazar

              @Bhaalthazar said in Security of Legacy Notepad++ Versions (CVE-2025-49144):

              patching older vulnerable versions

              It could be fun, now without the public CA cert available…
