Washington: The US cyber watchdog Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert over a critical remote code execution vulnerability discovered in the popular open-source text editor Notepad++, confirming that the flaw is already being exploited in real-world attacks.
CISA said it has added CVE-2025-15556 to its Known Exploited Vulnerabilities (KEV) catalog after observing active abuse of the weakness.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
According to the agency, the issue stems from Notepad++’s WinGUp updater, which fails to verify the integrity of downloaded code. Attackers can exploit this gap by intercepting or redirecting network traffic, tricking users into installing tampered update packages. Once the malicious installer is executed, threat actors can run arbitrary code with user-level privileges.
The vulnerability has been classified under CWE-494 (Download of Code Without Integrity Check) — a category widely associated with supply-chain style attacks. Security experts warn that on unsecured networks, attackers could leverage man-in-the-middle techniques to deploy ransomware, malware droppers, or persistent backdoors.
Fix released, older versions still exposed
Notepad++ developers have addressed the flaw in version 8.8.9 and later by enforcing cryptographic verification of update packages. However, systems running versions 8.6 through 8.8.8 remain vulnerable — particularly in environments where automatic updates are disabled, a common practice in enterprise setups.
CISA has directed federal agencies to apply vendor patches no later than March 5, 2026, while strongly urging private organisations and individual users to update immediately.
Higher risk for enterprise environments
Cybersecurity professionals note that Notepad++’s widespread use across Windows endpoints significantly amplifies exposure, especially in corporate networks where manual updates are routine.
CISA has advised organisations to scan endpoints for outdated installations, temporarily disable WinGUp where necessary, and strengthen network segmentation to reduce the risk of interception attacks. Users are also being urged to download software only from official sources and verify files using SHA-256 hashes.
What users should do
- Upgrade Notepad++ immediately to v8.8.9 or the latest version
- Avoid updating software over unsecured Wi-Fi networks
- Always verify downloaded files using cryptographic checks
- Identify and remove vulnerable versions across enterprise systems
CISA cautioned that the flaw can be exploited during routine update processes without any additional authentication, making it particularly dangerous. The agency warned that failure to patch in time could leave organisations exposed to large-scale cyber intrusions.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
