From cybersecuritynews.com
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise.
The flaw, designated CVE-2025-49144, allows attackers to gain SYSTEM-level privileges through a technique known as binary planting, with a proof-of-concept demonstration now publicly available.
The vulnerability affects the Notepad++ v8.8.1 installer released on May 5, 2025, exploiting an uncontrolled executable search path that enables local privilege escalation attacks.