[Security Vulnerability Alert] Notepad++ contains a high-risk security vulnerability (CVE-2025-15556). Please confirm and patch it as soon as possible.

[Security Vulnerability Alert] Notepad++ contains a high-risk security vulnerability (CVE-2025-15556). Please confirm and patch it as soon as possible.

2026/2/23 ～ 2026/9/23

View Count：20

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202602-00000091

[Content Description]
Researchers have discovered a vulnerability in Notepad++ called Insufficient Update Integrity Verification (CVE-2025-15556). An unauthenticated remote attacker could mislead the installation process when a user updates Notepad++, causing the program to be downloaded to a malicious server and executed. This vulnerability has already been exploited by hackers; please confirm and patch it as soon as possible.

[Affected Platforms]
Notepad++ versions 8.8.9 and earlier

[Recommended Measures]
Do not use automatic updates. Please download the update program from the official website and install it manually: https://notepad-plus-plus.org/downloads/v8.9.1/

[References]
1. https://notepad-plus-plus.org/news/hijacked-incident-info-update/
2. https://notepad-plus-plus.org/downloads/v8.9.1/
3. https://nvd.nist.gov/vuln/detail/CVE-2025-15556

[Security Vulnerability Alert] Notepad++ contains a high-risk security vulnerability (CVE-2025-15556). Please confirm and patch it as soon as possible.

2026/2/23 ～ 2026/9/23

View Count：20

Files

None

【Back】