Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026022302024848 | Publication Time | 2026/02/23 14:26 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/02/23 14:26 |
| Impact Level | Low | ||
| [Subject] 【Security Advisory】Notepad++ Contains a High-Risk Security Vulnerability (CVE-2025-15556); Please Verify and Apply Patches Promptly |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202602-00000091 Researchers have identified an Insufficient Update Integrity Verification vulnerability in Notepad++ (CVE-2025-15556). An unauthenticated remote attacker may mislead the updater during the Notepad++ update process, redirecting it to a malicious server to download and execute malicious code. This vulnerability has been actively exploited by attackers. Please verify and apply the necessary patches as soon as possible. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] Notepad++ versions up to and including 8.8.9 |
|||
| [Recommended Actions] Do not use the automatic update function. Please download the updated installer from the official website and perform a manual installation: https://notepad-plus-plus.org/downloads/v8.9.1/ |
|||
|
[Reference] 2. https://notepad-plus-plus.org/downloads/v8.9.1/ 3. https://nvd.nist.gov/vuln/detail/CVE-2025-15556 |
|||