NotepadPlusPlus Traffic Hijacking Vulnerability - 20251215002
Overview
The WASOC has been made aware of a recent vulnerability fix by Notepad++ resolving incidents of traffic hijacking affecting the Notepad++ product. According to the investigation, traffic from WinGUp (the Notepad++ updater) was occasionally redirected to malicious servers, resulting in the download of compromised executables. An attacker who intercepts the network traffic between the updater client and the Notepad++ update infrastructure can leverage this weakness to prompt the updater to download and execute an unwanted binary (instead of the legitimate Notepad++ update binary).
What is vulnerable?
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Notepad++ | All versions prior to 8.8.9 | TBD | TBD | TBD |
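
To find hosts that fall in the affected range in the table above, the following added example (not from the WASOC advisory or from Notepad++) lists registry-registered Notepad++ installs and flags any older than 8.8.9. It assumes the installer registers a `DisplayName` beginning with `Notepad++` under the standard Windows uninstall keys; the function names are hypothetical.

```powershell
# Added example: flag Notepad++ installs older than the fixed release (8.8.9, per the table above).
$FixedVersion = [version]'8.8.9'

# Standard Windows uninstall registry locations (machine-wide 64-bit and 32-bit, and per-user).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-ComparableVersion {
    param([string]$Text)
    # Keep only the leading dotted-numeric part, e.g. "v8.8" -> "8.8".
    if ($Text -notmatch '(\d+(\.\d+){0,3})') { return $null }
    $parts = $Matches[1].Split('.')
    # Pad to major.minor.build so that "8.8" compares as 8.8.0.
    while ($parts.Count -lt 3) { $parts += '0' }
    return [version]($parts -join '.')
}

function Get-NotepadPlusPlusInstall {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        # Assumption: the installer's DisplayName starts with "Notepad++".
        Where-Object { $_.DisplayName -like 'Notepad++*' } |
        ForEach-Object {
            $parsed = ConvertTo-ComparableVersion $_.DisplayVersion
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                DisplayName = $_.DisplayName
                Version     = $_.DisplayVersion
                # A version that cannot be parsed is flagged for manual review, not assumed safe.
                NeedsUpdate = ($null -eq $parsed) -or ($parsed -lt $FixedVersion)
            }
        }
}

Get-NotepadPlusPlusInstall | Format-Table -AutoSize
```

Portable (unzipped) copies of Notepad++ do not create uninstall registry entries, so this check will not find them; a file-system search for `notepad++.exe` is needed to cover those.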
What has been observed?
Notepad++ is aware of exploitation in the wild for one or more of the above-mentioned vulnerabilities. The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):