    Notepad++ DLL Hijacking Vulnerability (CVE-2025-56383)

    • DudeNamedReid

      Qualys has started alerting on this CVE as a severity 4, confirmed vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2025-56383

      It was originally identified in Notepad++ 8.8.3 but is still active in 8.8.5.0.
      Apparently, it’s a problem of DLL hijacking via DLL substitution in the Notepad++ plugin directory.

      Are there plans to fix this?

      • PeterJones @DudeNamedReid

        @DudeNamedReid said in Notepad++ DLL Hijacking Vulnerability (CVE-2025-56383):

        Are there plans to fix this?

        I assume when such a CVE is reported publicly, it is reported to the developer of the project as well; assuming so, it may be on his radar.

        OTOH, when I looked at the proof-of-concept repo that it linked to (https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept), I was struck by the inanity of the report. Literally, the bug is “if something malicious has permission to overwrite c:\program files\Notepad++\plugins\<pluginName>\pluginName.dll it can convince notepad++.exe to execute malicious code.” But literally everything that has permission to write that file also has permission to overwrite c:\program files\Notepad++\notepad++.exe itself, so every program in Program Files has an equivalent security bug – and why corrupt a DLL when you can corrupt the application itself with exactly the same amount of effort and permission? A CVE like this is completely pointless – it can only be exploited by a process that already has enough permissions to do anything it wants to any DLL or executable, at which point it’s not Notepad++'s fault that you are already compromised, and there’s nothing it can do to protect you.

        (And whoever created the “issue #1” against that repo said the same thing, so it’s not just me who thinks this CVE was a waste of bits.)

        • xomx
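        The whole argument above reduces to one question an administrator can actually check: can any non-privileged principal write into the Notepad++ install tree? The following PowerShell audit is an added example, not code from the thread or from the Notepad++ project; it assumes the default install path under Program Files and a conventional list of trusted principals, and flags every ACE that grants write, delete or ownership-changing rights to anyone else on the install directory, its plugin subdirectories, notepad++.exe and the plugin DLLs.

```powershell
# Added audit example (not from the forum thread or the Notepad++ project).
# Reports non-privileged principals that could replace a plugin DLL, or just as
# easily notepad++.exe itself, under the install directory.
param(
    # Assumption: default 64-bit install location; override if installed elsewhere.
    [string]$InstallDir = "$env:ProgramFiles\Notepad++"
)

# Principals expected to hold write rights under Program Files (assumed list).
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Any overlap with these rights lets a principal plant or replace a file.
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                   [System.Security.AccessControl.FileSystemRights]::TakeOwnership)

# Install root, every subdirectory (including plugins\<pluginName>), and the binaries.
$targets  = @(Get-Item -LiteralPath $InstallDir)
$targets += Get-ChildItem -LiteralPath $InstallDir -Recurse -Directory
$targets += Get-ChildItem -LiteralPath $InstallDir -Recurse -File -Include *.exe, *.dll

$findings = foreach ($item in $targets) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Non-privileged write access under $InstallDir; these principals could replace a plugin DLL or notepad++.exe:"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "OK: only trusted principals can write under $InstallDir; DLL substitution here already requires admin rights."
}
```

        A clean result confirms the point made above: on a default install the substitution needs the same administrative rights that would let an attacker overwrite the executable, so the finding is not a Notepad++ defect; a non-empty result points at a misconfigured ACL, which is the thing worth fixing.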

          @PeterJones is right, it’s a fake security vulnerability, more in:
          https://github.com/notepad-plus-plus/notepad-plus-plus/issues/17047

          Sometimes I wonder if the security “experts”, who already spread reports about this, are not only AI bots nowadays. I believe in humankind, people can’t be that stupid, or?

          • DudeNamedReid @xomx

            @xomx and @PeterJones - Thanks for the follow-up. I opened a case with Qualys and they have since rolled this back and it is no longer listed as an open vulnerability.

            • Lycan Thrope @xomx

              @xomx ,
              You’re right, and as I understand, the idiots submitting AI bug reports have the author of cURL very upset with people wasting their time with these issues. AI is not intelligent, nor is the idiot submitting reports of bugs “found” by it. :-)
