CVE-2025-49144 PoC — Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path

Source
Associated Vulnerability
Title: Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path (CVE-2025-49144)
Description: Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically the Downloads folder, referred to as the vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
Description
A test attack for CVE-2025-49144
Readme
# CVE-2025-49144-Test
Playing with Python .exes and Notepad++ installer vuln

This regsvr32.exe payload only works on my local network. It's just a simple obfuscated rev. shell. Not super interesting but it is cool to see it work :3

(https://nvd.nist.gov/vuln/detail/CVE-2025-49144)
File Snapshot

[4.0K] /data/pocs/adb518e92bb3302c436e7cc2aef452ac94cf3c77
├── [ 13M] CVE_TEST_2.zip
├── [1.0K] LICENSE
├── [ 284] README.md
└── [6.9M] soup_store.exe

0 directories, 4 files