Description
Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users.
Metrics
 NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-427 | Uncontrolled Search Path Element | CISA-ADP   |
Change History
8 change records found
CVE Modified by CISA-ADP 6/17/2026 5:42:32 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | | {"timestamp":"2025-09-30T03:55:10.161379Z","id":"CVE-2025-56383","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by MITRE 6/17/2026 5:42:32 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | | [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}] |
CVE Modified by MITRE 11/19/2025 10:15:48 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.vicarius.io/vsociety/posts/cve-2025-56383-detect-notepad-vulnerability |
| Added | Reference | | https://www.vicarius.io/vsociety/posts/cve-2025-56383-mitigate-notepad-vulnerability |
CVE Modified by MITRE 10/01/2025 10:15:40 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Tag | | disputed |
| Changed | Description | Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. | Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users. |
| Added | Reference | | https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept/issues/1 |
CVE Modified by CISA-ADP 9/29/2025 4:15:33 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CWE | | CWE-427 |
CVE Modified by CISA-ADP 9/29/2025 10:16:45 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Removed | CVSS V3.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | |
| Removed | CWE | CWE-77 | |
CVE Modified by CISA-ADP 9/26/2025 5:15:36 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Added | CWE | | CWE-77 |
New CVE Received from MITRE 9/26/2025 2:15:36 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. |
| Added | Reference | | https://github.com/notepad-plus-plus/notepad-plus-plus |
| Added | Reference | | https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept |