[Vulnerability Alert] High-Risk Security Vulnerability Found in Notepad++ (CVE-2025-15556), Please Confirm and Patch Immediately

• Subject Explanation: [Vulnerability Alert] High-Risk Security Vulnerability Found in Notepad++ (CVE-2025-15556), Please Confirm and Patch Immediately

• Content Description:
  • Forwarding National Information Security Analysis and Sharing Center (NISAC) Alert NISAC-200-202602-00000091
  • Researchers have discovered an Insufficient Update Integrity Verification vulnerability (CVE-2025-15556) in Notepad++. An unauthenticated remote attacker could exploit this when a user updates the Notepad++ application by misleading the installer to download and execute malicious code from a malicious server. This vulnerability has already been exploited by hackers; please confirm and patch immediately.
• Impacted Platforms:
  • Notepad++ 8.8.9 and earlier versions
• Suggested Measures:
  • Do not use the automatic update feature. Please download the update program from the official website and install it manually: https://notepad-plus-plus.org/downloads/v8.9.1/
• References:
  1. https://notepad-plus-plus.org/news/hijacked-incident-info-update/
  2. https://notepad-plus-plus.org/downloads/v8.9.1/
  3. https://nvd.nist.gov/vuln/detail/CVE-2025-15556

Computer and Communication Center
Network Systems Division