Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

June 25, 2025

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths.
There is cu …

Published Date:
Jun 25, 2025 (1 hour, 49 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-49144

Source: Read More

Previous ArticleCVE-2025-6627 – TOTOLINK A702R HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article Citrix bleeds again: This time a zero-day exploited – patch now

Highlights

CVE-2025-49823 – Anaconda Constructor Command Injection Vulnerability

June 17, 2025

CVE ID : CVE-2025-49823

Published : June 17, 2025, 3:15 a.m. | 3 hours, 9 minutes ago

Description : (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3.

Severity: 0.0 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

Dev runs Windows 11 ARM on an iPad Air M2 using UTM with JIT, and it’s decent

I’m bringing this Bluetooth speaker to every cookout this summer – and you should too

CVE-2025-5152 – “Chanjet CRM SQL Injection Vulnerability”

DOGE Big Balls Ransomware Outlook

CVE-2025-49823 – Anaconda Constructor Command Injection Vulnerability

Diablo 4 “Berserk” anime collaboration revealed in full — New info on themed cosmetics, items, and a launch date

Windows 11 KB5062660 24H2 out with features, direct download links for offline installer (.msu)

Chrome Zero-Day Alert: CVE-2025-5419 Actively Exploited in the Wild

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

Related Posts