A severe privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 allows attackers to gain SYSTEM-level privileges through insecure executable search paths.
The flaw, classified as “High” severity, exploits the installer’s uncontrolled search for dependencies in the current working directory.
Attackers can plant malicious executables (e.g., regsvr32.exe) in the same directory as the installer, triggering automatic execution with elevated privileges upon installation.
https://cyberpress.org/severe-notepad-flaw/
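A defender-side check for the condition described above, as an added example that is not from the original article or the Notepad++ project: before running an installer, list any files in its folder that share a name with a Windows system executable. The function names, the fallback name list and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: a short, constructed list of system tools an installer may call
# by bare name. On a Windows host the real System32 listing is used instead.
FALLBACK_SYSTEM_NAMES = {"regsvr32.exe", "rundll32.exe", "msiexec.exe", "cmd.exe"}


def system_binary_names():
    """Lower-cased names of the executables in System32, or the fallback set."""
    system32 = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    if system32.is_dir():
        return {p.name.lower() for p in system32.glob("*.exe")}
    return set(FALLBACK_SYSTEM_NAMES)


def find_shadowing_binaries(directory, system_names=None):
    """Return the sorted names of files in `directory` whose name matches a
    system executable (case-insensitive, as Windows file names are)."""
    names = system_binary_names() if system_names is None else system_names
    names = {n.lower() for n in names}
    return sorted(
        p.name
        for p in Path(directory).iterdir()
        if p.is_file() and p.name.lower() in names
    )


def demo():
    """Constructed sample: a download folder with an installer and a look-alike."""
    with tempfile.TemporaryDirectory() as tmp:
        # All three files are empty placeholders created for this example.
        for name in ("sample-installer.exe", "RegSvr32.exe", "readme.txt"):
            Path(tmp, name).write_bytes(b"")
        return find_shadowing_binaries(tmp, FALLBACK_SYSTEM_NAMES)


if __name__ == "__main__":
    hits = demo()
    if hits:
        print("Do not run the installer here; unexpected system-named files:", hits)
    else:
        print("No system-named executables found beside the installer.")
```

Any hit in a download or temp folder is worth investigating, since a legitimate copy of a system tool has no reason to sit next to an installer.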