CVE-2025-15556CISA KEV: Actively Exploited

Notepad++ Download of Code Without Integrity Check Vulnerability

Published Feb 12, 2026·Updated Feb 12, 2026

Description

Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

Public Exploits & PoCs1 found

PoC: notepadpp-supply-chain-iocs

IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) — Lotus Blossom APT, June–December 2025. Includes Falcon LogScale queries, YARA/Sigma rules, and MITRE ATT&CK mapping.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Start monitoring free