CVE-2025-56383

Published Sep 26, 2025

Last updated 2 months ago

CVSS high 8.4
Notepad++

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-56383 is a DLL hijacking vulnerability found in Notepad++ version 8.8.3. This vulnerability allows an attacker to execute arbitrary code on a victim's machine. The vulnerability involves replacing a legitimate DLL file with a malicious one, which can then be loaded and executed when the user launches the application. This can be achieved by placing the malicious DLL in a directory that is searched before the actual library's location. An attacker who has already gained initial access to a system can exploit this flaw to establish persistence.

Description
Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users.
Source
cve@mitre.org
NVD status
Undergoing Analysis
CNA Tags
disputed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.4
Impact score
5.9
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-427

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-56383 Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allow

    @AnonOzzyDude

    19 Nov 2025

    294 Impressions

    2 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #VulnerabilityReport #CodeExecution DLL Hijacking Flaw (CVE-2025-56383) Found in Notepad++, Allowing Arbitrary Code Execution, PoC Available https://t.co/NRp61DYbJP

    @Komodosec

    3 Nov 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 人気テキストエディター「Notepad++」に脆弱性が指摘されるも、開発元は否定/DLLハイジャックの脆弱性に「CVE-2025-56383」が付番されたが現在は係争中 https://t.co/aIQFDKY58H https://t.co/0X8YrBqoib

    @madonomori

    8 Oct 2025

    9444 Impressions

    22 Retweets

    47 Likes

    14 Bookmarks

    2 Replies

    3 Quotes

  4. #exploit #AppSec #Threat_Research 1⃣ Zimbra Exploit Analysis (CVE-2025-27915) https://t.co/8ovnzHtvXB // These exploits take advantage of .ics files to breach vulnerable systems 2⃣ Notepad++ DLL Hijacking (CVE-2025-56383) https://t.co/RGih3h81ws // If the threat actor has t

    @ksg93rd

    6 Oct 2025

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Notepad++ vulnerable a ataques de secuestro de DLL: CVE-2025-56383 https://t.co/jlEYOn2X9B

    @Edodelatorred

    4 Oct 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Developers 🧑‍💻: Se ha identificado una vulnerabilidad crítica de secuestro de DLL en Notepad++ (CVE-2025-56383). Un atacante local puede ejecutar código malicioso al reemplazar DLLs de plugins como NppExport.dll. https://t.co/tDE2GoiP9O #ciberseguridad #developers

    @henryraul

    2 Oct 2025

    139 Impressions

    7 Retweets

    9 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. ⚠️Vulnerabilidad en Notepad++ ❗CVE-2025-56383 ➡️Más info: https://t.co/XG1JAfqwpP https://t.co/3ves8QKTDd

    @CERTpy

    1 Oct 2025

    102 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Notepad++ DLL Hijacking Detection DefenderXDR Custom Detection for CVE-2025-56383 🫡 https://t.co/v00kBzEYDU #Cybersecurity #NotepadPlusPlus #DLLHijacking https://t.co/kj2Z6oDI95

    @0x534c

    30 Sept 2025

    3251 Impressions

    14 Retweets

    66 Likes

    49 Bookmarks

    2 Replies

    0 Quotes

  9. Is CVE-2025-56383 really a thing we should spend any time caring about? https://t.co/3NHdwqEfiF

    @UK_Daniel_Card

    30 Sept 2025

    4773 Impressions

    4 Retweets

    14 Likes

    4 Bookmarks

    1 Reply

    1 Quote

  10. GitHub - zer0t0/CVE-2025-56383-Proof-of-Concept: CVE-2025-56383-Proof-of-Concept - https://t.co/MdzFkrMQKk

    @piedpiper1616

    30 Sept 2025

    2805 Impressions

    14 Retweets

    41 Likes

    21 Bookmarks

    1 Reply

    0 Quotes

  11. 🚨 Notepad++ Vulnerability Alert CVE-2025-56383 enables DLL hijacking via plugin replacement (e.g. NppExport.dll), allowing stealthy code execution. https://t.co/nKyRoFUTRM With MDE covering ~28% of endpoints (163 orgs, 60K+ devices), the attack surface is massive. 🛡️ D

    @0x534c

    30 Sept 2025

    12937 Impressions

    41 Retweets

    179 Likes

    98 Bookmarks

    2 Replies

    4 Quotes

  12. PoC ANALYSIS: DEEP DIVE. We break down the Notepad++ DLL Hijacking Flaw (CVE-2025-56383), detailing how a single vulnerability enables Remote Code Execution (RCE). Get the technical breakdown of the exploit primitive. Read full report on - https://t.co/3kt6QKkWGs https://t.co/OW

    @Iambivash007

    29 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. Notepad++ vulnerable a ataques de secuestro de DLL: CVE-2025-56383 https://t.co/wamDsCjIr3

    @unaaldia

    29 Sept 2025

    527 Impressions

    4 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. csirt_it: ‼ #Notepad++: disponibile un #PoC per lo sfruttamento della CVE-2025-56383 che interessa il noto tool di editing testuale Rischio: 🔴 Tipologia: 🔸Arbitrary Code Execution 🔗 https://t.co/zuN8NiKmdb ⚠️ Monitorare il rilascio di aggiornamenti https://t.co

    @Vulcanux_

    29 Sept 2025

    71 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! CVE-2025-56383 targets Notepad++ with a DLL hijacking attack. Learn how it works and how to defend against this stealthy threat. 📖 Check the deta

    @PurpleOps_io

    29 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. ⚠️ Notepad++ DLL Hijacking Vulnerability – CVE-2025-56383 🚨 A new security flaw has been discovered in Notepad++ (CVE-2025-56383) that could allow attackers to hijack DLL files and execute malicious code. #cybersecurity #notepad++ #vulnerability #dllhijacking #infosec

    @Zoffecinfotech

    29 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. A DLL hijacking flaw (CVE-2025-56383) in Notepad++ v8.8.3 allows attackers to replace a trusted DLL with a malicious one to execute arbitrary code. #NotepadPlusPlus #DLLHijacking #CVE #Cybersecurity #SecurityAlert https://t.co/AhrgOeKAOK

    @the_yellow_fall

    29 Sept 2025

    117 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Notepad++ v8.8.3において、起動時に読み込まれるDLLを差し替えることで任意コードが実行される脆弱性(CVE-2025-56383)が公開された。攻撃者は被害者環境に悪意あるDLLを配置するだけで、プログラム起動時にマル

    @yousukezan

    29 Sept 2025

    1465 Impressions

    2 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-56383 Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. https://t.co/DCJxqT6oeI

    @CVEnew

    26 Sept 2025

    381 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.