Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-56383 PoC — Notepad++ 安全漏洞

Source
https://github.com/NewComrade12211/CVE-2025-56383
Associated Vulnerability
Title:Notepad++ 安全漏洞 (CVE-2025-56383)
Description:Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users.
Description
DLL hijacking to rev shell
Readme
Уязвимость

    Тип атаки: DLL Hijacking (захват DLL)
    Целевое приложение: Notepad++
    Метод: Файл NppExport.dll загружается Notepad++ из рабочей директории

Реализация

Вредоносная DLL содержит:

    Экспортируемые функции оригинальной библиотеки для обеспечения совместимости
    Reverse shell, соединяющийся с атакующим хостом
    Выполнение в отдельном потоке для предотвращения блокировки загрузки
File Snapshot

 [4.0K]  /data/pocs/13bad2955994f9b68f21ecab71edd1f5e5bcde1a
├── [2.6K]  dllmain.cpp
└── [ 677]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →