CVE-2025-49144

high

malware scan detection code search

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

7.3

cvss high

common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.

epss 0.0004

exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.

kev no

cisa known exploited vulnerabilities catalog. confirmed active exploitation.

CVSS 3.1 Common Vulnerability Scoring System v3.1

7.3 / 10

HIGH

exploitability

Attack Vector

Local

Attack Vector (AV:L): requires local access. attacker must have shell access or physical login.

Attack Complexity

Low

Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.

Privileges Required

Low

Privileges Required (PR:L): requires basic user-level access.

User Interaction

Required

User Interaction (UI:R): victim must perform some action (e.g. clicking a link, opening a file).

impact

Scope

Unchanged

Scope (S:U): impact limited to the vulnerable component.

Confidentiality

High

Confidentiality (C:H): total information disclosure. attacker gains access to all data within the component.

Integrity

High

Integrity (I:H): complete data modification possible. attacker can modify any data.

Availability

High

Availability (A:H): total denial of service. attacker can fully shut down the resource.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

exploitation detection attribution advisories media timeline

activity density

rdintel assessment

flagged malicious repos detected. do not execute.

public exploit available. prioritize patching.

detection rules available.

composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

exploitation

actively exploited

Vendor - Product Name

Apply vendor-provided patches

poc repositories (3)

researcher/exploit-poc - 42 stars - Python

security-lab/cve-checker - 18 stars - Go

detection

nuclei-template-id - critical - by projectdiscovery

sigma-rule-title - high - windows

timeline

2024-01-15 - published - CVE record created

2024-01-18 - poc - First exploit code published

2024-01-20 - kev - Added to known exploited

pocs, detection rules, timeline, advisories, and more