- Description
- Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- notepad\+\+
CVSS 4.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Notepad++ Download of Code Without Integrity Check Vulnerability
- Exploit added on
- Feb 12, 2026
- Exploit action due
- Mar 5, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- disclosure@vulncheck.com
- CWE-494
- Hype score
- Not currently trending
🛡️ Alerta de Seguridad: Vulnerabilidad en Descarga de Código sin Verificación de Integridad en Notepad++ (CVE-2025-15556) Notepad++ presenta una vulnerabilidad en el actualizador WinGUp que permite la descarga de código sin verificación de integridad, facilitando la inte
@CiberPlanetaOrg
16 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Notepad++ Supply-Chain Shock: CVE-2025-15556 Let Attackers Trojanize Updates via WinGUP Flashpoint details how CVE-2025-15556 in Notepad++’s WinGUP updater failed to verify installer signatures, enabling MitM/DNS poisoning to redirect update traffic and deliver trojanized
@ThreatSynop
26 Feb 2026
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
New security insights: Critical Analysis CVE-2025-15556 - Notepad Download of Code Without.... Fresh perspectives on defensive strategies. Read more: https://t.co/osOVO1rgWQ
@TomarPrateek23
22 Feb 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-2648 2 - CVE-2026-1731 3 - CVE-2025-15556 4 - CVE-2025-49113 5 - CVE-2025-6218 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Feb 2026
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
18 Feb 2026
265 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alerte Sécurité : La CISA Met en Garde Contre l’Exploitation Active de CVE-2025-15556 dans Notepad++. https://t.co/t2nbggr0Ag
@NicolasCoolman
17 Feb 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
16 Feb 2026
1410 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
15 Feb 2026
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢There is a code execution vulnerability. 🛡️CVE-2025-15556 ⚠️CVSS-B : 7.7 #terence_computer #特倫斯電腦程式科技 #台南電腦維修 #資安通報 #系統漏洞 #資訊安全 #特倫斯 #cyber #cybersecurity #notepad #notepad_CVE #CVE_2025_15556 #notepad_vuln
@Terence_Tech
15 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph
@SCMagazine
14 Feb 2026
309 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرة Notepad++ مستغلة حالياً CISA أضافت CVE-2025-15556 لقائمة الثغرات المعروفة والمستغلة. هذه الثغرة تسمح بتنفيذ أوامر برمجية عن بعد في Notepad++. لاحظنا نشاط استغلال ل
@MisbarSec
13 Feb 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of active exploitation of Notepad++ vulnerability CVE-2025-15556. Users urged to update to version 8.8.9 or later immediately. Link: https://t.co/FFnIIWv6fU #Security #Vulnerability #Exploit #Update #Notepad #Patch #CISA #Software #Alert #CVE #Bug #Threat #Protection h
@dailytechonx
13 Feb 2026
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
انتشار آسیب پذیری با کد شناسایی CVE-2025-15556 و از نوع Code execution برای ابزار پرکاربرد Notepad plus plus برای امن سازی ، به آخرین نسخه به روز رسانی نمایید. https://t.co/6WK1DM8KAb
@EthicalSafe
13 Feb 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV ALERT: NOTEPAD++ CODE EXECUTION ZERO-DAY (CVE-2025-15556) – ACTIVELY EXPLOITED IN THE WILD – FEBRUARY 13, 2026 Read the full report on - https://t.co/nXbqIKkvD5 https://t.co/YqoMWoEc6I
@cyberbivash
13 Feb 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA flags exploited Notepad++ updater flaw enabling malicious “updates” (CVE-2025-15556) CISA warned CVE-2025-15556 is being exploited in the wild: Notepad++’s WinGUp updater can download/install code without integrity verification, allowing MitM/DNS spoofing or rogue
@ThreatSynop
13 Feb 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds exploited SolarWinds, Notepad++, Apple, and Microsoft ConfigMgr flaws to KEV — patch-now priority CISA added four in-the-wild exploited CVEs (SolarWinds Web Help Desk bypass CVE-2025-40536, Notepad++ WinGUp update integrity CVE-2025-15556, Apple dyld CVE-2026-207
@ThreatSynop
13 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added a critical code execution flaw in Notepad++ to its Known Exploited Vulnerabilities (KEV) catalog. Notepad++ is a widely used open-source text editor popular among developers and IT teams. The vulnerability (CVE-2025-15556) allows attackers to intercept or https
@GuardingPearSof
13 Feb 2026
64 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CISA adds 4 actively exploited bugs to KEV: ConfigMgr SQLi, Notepad++ updater, SolarWinds WHD bypass, Apple dyld zero-day CISA added four exploited vulnerabilities to the KEV catalog—CVE-2024-43468 (Microsoft Configuration Manager SQL injection), CVE-2025-15556 (Notepad++
@ThreatSynop
13 Feb 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2022-1743 2 - CVE-2026-20841 3 - CVE-2025-15556 4 - CVE-2026-25253 5 - CVE-2026-1731 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Feb 2026
140 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks Source: https://t.co/ewFfqB2M3h CISA has added CVE-2025-15556 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation of a critical code execution flaw in Notepad++, a
@The_Cyber_News
13 Feb 2026
4692 Impressions
34 Retweets
103 Likes
24 Bookmarks
2 Replies
1 Quote
CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks https://t.co/P5FfZUaCxN CISA has added CVE-2025-15556 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation of a critical code execution flaw in Notepad++, a widely used
@f1tym1
13 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
人気のテキストエディタ「Notepad++」において、攻撃者に活発に悪用されているコード実行の脆弱性(CVE-2025-15556)が発見され、米国CISA(サイバーセキュリティ・社会基盤安全保障庁)が警告を発しました。
@omomuki_tech
13 Feb 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが4つの既知の脆弱性をカタログに追加 https://t.co/IcMspqhS2E CVE-2024-43468 Microsoft Configuration Manager の SQL インジェクション脆弱性 CVE-2025-15556 Notepad++ における整合性チェックなしのコードダウンロードの脆弱性
@cybersecnews_jp
12 Feb 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに4件の追加。Microsoft Configuration ManagerのCVE-2024-43468、Notepad++のCVE-2025-15556、SolarWinds Web Help DeskのCVE-2025-40536、Apple複数製品
@__kokumoto
12 Feb 2026
841 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-15556 #Notepad++ Download of Code Without Integrity Check Vulnerability https://t.co/wcT0RLNwTt
@ScyScan
12 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Microsoft vulnerability CVE-2024-43468, Notepad++ vulnerability CVE-2025-15556, SolarWinds vulnerability CVE 2025-40536, & Apple vulnerability CVE-2026-20700 to our KEV Catalog. Apply mitigations to protect your org from cyberattacks. https://t.co/myxOwap1Tf
@CISACyber
12 Feb 2026
6154 Impressions
33 Retweets
84 Likes
6 Bookmarks
1 Reply
3 Quotes
‼️ CISA has added 3 vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to
@DarkWebInformer
12 Feb 2026
13715 Impressions
24 Retweets
109 Likes
36 Bookmarks
0 Replies
1 Quote
IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) #notepadplusplus #notepad https://t.co/oUjpx55E0T
@renat0z3r0
9 Feb 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Notepad++ [—] Feb 05, 2026 Comprehensive Security Advisory on Hijacked Update Mechanism, CVE-2025-15556, and Ongoing Remediation Measures Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #CyberSecurity https://t.co/CXGTNZ4EXx
@transilienceai
5 Feb 2026
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-15556 Notepad++ WinGUp Updater Unverified Update Metadata Leads to Code... https://t.co/jIv5cx44OW Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
3 Feb 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: !! #Notepad++: Compromissione dell'infrastruttura di aggiornamento nel noto editor testuale - CVE-2025-15556 Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 URL Redirection 🔗 https://t.co/OVzmgpHTJh 🔄 Aggiornamenti disponibili 🔄 https://t.co
@Vulcanux_
3 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
!! #Notepad++: Compromissione dell'infrastruttura di aggiornamento nel noto editor testuale - CVE-2025-15556 Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 URL Redirection 🔗 https://t.co/gGMYy4m9Sb 🔄 Aggiornamenti disponibili 🔄 https://t.co/6gdB42mDB
@csirt_it
3 Feb 2026
652 Impressions
0 Retweets
9 Likes
2 Bookmarks
0 Replies
1 Quote
CVE-2025-15556 Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installe… https://t.co/dLRQl1r4IY
@CVEnew
3 Feb 2026
171 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79565996-D87E-4892-BD1C-2AE9F89C1A4E",
"versionEndExcluding": "8.8.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]