The Reveal Platform
Intel Name: Potential notepad++ cve-2025-49144 exploitation
Date of Scan: July 7, 2025
Impact: High
Summary: Detects possible exploitation of CVE-2025-49144 — a local privilege escalation vulnerability affecting Notepad++ installers version 8.8.1 and earlier. The issue arises because the installer invokes regsvr32.exe without specifying its full path, allowing an attacker to elevate privileges by placing a malicious regsvr32.exe in the same directory as the legitimate Notepad++ installer. The vulnerability is triggered during the registration of the NppShell.dll component.
