Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Notepad++ < 8.8.9 Update Integrity Verification Vulnerability

🗓️ 04 Feb 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 6 Views

Notepad++ versions before 8.8.9 with WinGUp updater do not cryptographically verify updates, enabling attacker-controlled installers and arbitrary code execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2025-15556
3 Feb 202600:50
attackerkb
Circl		CVE-2025-15556
4 Feb 202607:01
circl
CISA KEV Catalog		Notepad++ Download of Code Without Integrity Check Vulnerability
12 Feb 202600:00
cisa_kev
CISA		 CISA Adds Four Known Exploited Vulnerabilities to Catalog
12 Feb 202612:00
cisa
CNNVD		Notepad++ 安全漏洞
3 Feb 202600:00
cnnvd
CVE		CVE-2025-15556
3 Feb 202600:50
cve
Cvelist		CVE-2025-15556 Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification
3 Feb 202600:50
cvelist
EUVD		EUVD-2025-206661
3 Feb 202600:50
euvd
NVD		CVE-2025-15556
3 Feb 202601:15
nvd
OpenVAS		Notepad++ DLL WinGUp Update Hijacking Vulnerability (Dec 2025)
16 Dec 202500:00
openvas
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(297910);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id("CVE-2025-15556");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/03/05");
  script_xref(name:"IAVA", value:"2026-A-0096-S");

  script_name(english:"Notepad++ < 8.8.9 Update Integrity Verification Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The text editor on the remote Windows host is affected by an update integrity vulnerability.");
  script_set_attribute(attribute:"description", value:
"Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain a vulnerability where downloaded update 
metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update 
traffic can cause the updater to download and execute an attacker-controlled installer, resulting in 
arbitrary code execution with the privileges of the user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version 
number.");
  # https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3c45e063");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Notepad++ 8.8.9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-15556");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:notepad-plus-plus:notepad\+\+");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("notepad_plus_plus_win_installed.nbin");
  script_require_keys("installed_sw/Notepad++", "SMB/Registry/Enumerated");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'Notepad++', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '8.8.9'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Apr 2026 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.17.5
CVSS 47.7
EPSS0.09124
SSVC
notepad plus pluswingup updatercryptographic verificationupdate metadataarbitrary code execution
6