Notepad++
Notepad++ is a free and open-source source code editor and Notepad replacement for Microsoft Windows that supports syntax highlighting, code folding, and other features for numerous programming languages.[1] Developed by Don Ho, it was first released in November 2003 as an open-source project under the GNU General Public License.[2] The software is written in C++ using the Win32 API and STL to maintain a small footprint while providing advanced text editing capabilities beyond the default Windows Notepad.[3] Key defining characteristics include tabbed document interface for multitasking, regular expression search and replace, macro recording, and a plugin system that extends functionality for tasks like version control integration and additional language support.[1] Its lightweight design and lack of resource-intensive dependencies make it a preferred choice for developers seeking a fast alternative to full integrated development environments.[4] Notepad++ has achieved widespread adoption, ranking highly in developer surveys for its reliability and customizability.[5] The project's maintainer, Don Ho, has occasionally incorporated political statements into release notes and updates, reflecting personal views on global events, which has drawn attention but not detracted from its technical merits.[6] Despite copycat sites attempting to mimic its downloads, the official distribution remains secure and actively maintained, with regular updates addressing vulnerabilities and adding features.[7]History
Origins and Initial Release
Notepad++ was created by French-Vietnamese software developer Don Ho as a free, open-source alternative to the basic Windows Notepad and other limited text editors available in the early 2000s.[2] Ho, who had been using Windows Notepad for source code editing since his student days, grew frustrated with its shortcomings, including the absence of syntax highlighting, auto-completion, and multi-document support, prompting him to develop a more robust tool for his professional needs as a software engineer.[2][8] Development began in 2003, with Ho leveraging the Scintilla editing component for core functionality and implementing features tailored for programmers, such as tabbed interfaces and plugin extensibility from the outset.[9] The project was licensed under the GNU General Public License (GPL), emphasizing its open-source ethos and community-driven potential.[9] The initial version, Notepad++ v1.0, was released on November 23, 2003, via SourceForge, marking the software's public debut as a lightweight yet feature-rich code editor for Windows.[10] This launch coincided with rapid early updates, including v1.1 on December 13, 2003, which added basic improvements like enhanced file handling, reflecting Ho's iterative approach to addressing user feedback from the developer community.[11] The release established Notepad++ as a niche tool among Windows users seeking efficiency without the bloat of full integrated development environments.[6]Key Milestones and Version Evolution
Notepad++'s development has progressed through iterative releases, with major version updates introducing enhancements in user interface, performance, and compatibility. Following its initial release in November 2003 as a basic syntax-highlighting editor built on the Scintilla component, early versions focused on expanding language support, plugin integration, and Unicode handling, culminating in the long-supported 7.x series that emphasized stability and incremental improvements up to v7.9 in 2021.[2] The transition to version 8.0 on June 7, 2021, represented a pivotal evolution, incorporating modern features such as Dark Mode for reduced eye strain, native ARM64 builds for better performance on compatible Windows devices, Fluent UI icons for a contemporary appearance, and Distraction Free Mode to minimize interface clutter during editing.[12] Subsequent 8.x releases built on this foundation; for instance, v8.2 on January 1, 2022, added options to exclude folders in Find in Files operations and auto-save sessions on exit, while v8.3 on February 3, 2022, eliminated the 2 GB file size limit in 64-bit editions and optimized handling of large files.[12] Further milestones included v8.4 on April 26, 2022, which integrated Scintilla 5.2.1 for improved editing capabilities and added TypeScript syntax support, and v8.5 on March 6, 2023, enabling the "Edit with Notepad++" context menu entry on Windows 11.[12] The v8.6 release on November 23, 2023, coincided with the application's 20th anniversary, introducing full multi-edit functionality across documents and enhancements to session file management.[12] More recent updates, such as v8.7 on July 14, 2024, expanded customization with user-defined keywords and TOML language support, while v8.8 on April 28, 2025, advanced multi-editing and updated to Scintilla 5.5.6 for refined text rendering.[12] Version 8.8.7, released on October 19, 2025, achieved a key security milestone by adopting a legitimate GlobalSign code-signing certificate, replacing prior self-signed alternatives and addressing authenticity concerns amid rising malware risks in software distribution.[13] This evolution reflects a commitment to adapting to modern hardware, user workflows, and security standards while maintaining backward compatibility and open-source principles under Don Ho's stewardship.[9]Technical Foundation
Core Architecture and Components
Notepad++ employs a lightweight architecture built in C++ utilizing the pure Win32 API and Standard Template Library (STL) to ensure high execution speed and reduced binary size compared to alternatives relying on heavier frameworks.[1] This design choice prioritizes native Windows integration without external dependencies beyond essential components.[3] The primary editing engine is powered by Scintilla, an open-source component library dedicated to source code editing functionalities including syntax styling, text folding, and brace matching.[14] Scintilla operates as a customizable Windows control that manages text rendering, user input handling, and visual feedback such as line numbering and margin markers within individual editor views.[15] Each tab or split pane in Notepad++ instantiates a Scintilla instance to support independent document editing sessions.[1] Complementing Scintilla is Lexilla, a dedicated lexer library that processes source code to generate styling information for over 80 programming languages supported by Notepad++.[3] Lexilla separates lexical analysis from Scintilla's core, enabling modular updates to language parsers without altering the editor's rendering logic.[14] This component-based separation facilitates efficient tokenization and keyword recognition, contributing to the application's responsiveness during large file operations.[3] The overall structure follows a single-process model with a central application frame managing document tabs, toolbars, and docking panels, all coordinated through Win32 messages and event loops inherent to the API.[1] Core utilities for file I/O, plugin loading, and configuration persistence are implemented natively in C++ modules, avoiding runtime interpretations for performance.[3]Performance Characteristics
Notepad++ exhibits efficient performance for typical text editing tasks, characterized by low memory footprint and minimal CPU utilization under standard workloads, owing to its C++ implementation and reliance on the lightweight Scintilla editing component.[16][17] On systems with limited resources, it maintains responsive operation without excessive overhead, contrasting with heavier integrated development environments.[16] For large files exceeding 2 GB, version 8.3.2 and subsequent releases introduced optimizations to enhance loading and editing, reducing previous bottlenecks in file parsing and rendering via Scintilla updates that mitigate notification overload during operations like replacements.[18][19] However, performance can degrade with files over 100-200 MB or those featuring extremely long lines (e.g., 40 million characters), leading to lag in scrolling, searching, or syntax highlighting due to Scintilla's line-based rendering model, which was not originally optimized for massive datasets.[20][21][22] Users report high CPU spikes during bulk operations or when features like word wrap or auto-completion are enabled, though disabling these via preferences improves responsiveness.[22][23] In benchmarks and user tests on modern hardware like Windows 11, Notepad++ opens and switches between multi-megabyte files swiftly, but it may become unresponsive or exhibit delays in editing very large plain-text objects compared to specialized tools designed for streaming or memory-mapped I/O.[24][25] Exit performance has also been refined in later versions to prevent hangs from accumulated state.[18] Overall, while suitable for most programming and log-viewing scenarios, its efficiency diminishes for extreme-scale files, prompting recommendations to adjust the "large file size" threshold in settings (default 200 MB) to selectively disable resource-intensive features.[26][27]Features
Syntax Highlighting and Editing Tools
Notepad++ supports syntax highlighting for approximately 90 programming languages, enabling color-coded visualization of code elements such as keywords, strings, and comments to enhance readability.[28] This functionality relies on the Lexilla library, which provides lexer definitions for official languages, allowing precise parsing and styling based on language-specific rules.[29] For unsupported languages, users can create custom definitions via the User Defined Languages (UDL) system, which permits defining parsers, keywords, and styling rules without requiring programming.[30] Code folding complements syntax highlighting by permitting the collapse and expansion of code blocks, such as functions or loops, delineated by delimiters like braces or keywords.[16] In UDL configurations, folding can be customized with open, middle, and close keyword sets to handle nested structures accurately.[31] This feature reduces visual clutter in large files, facilitating navigation through hierarchical code. Auto-completion assists editing by suggesting words or functions as the user types, configurable to trigger on specific characters or manually via shortcuts.[32] Enhancements in version 8.1 addressed performance regressions, ensuring efficient operation on extensive documents.[32] Additional tools include split-window editing for simultaneous views of the same file and brace matching to highlight corresponding pairs.[16] The macro system enables recording sequences of editing actions—such as typing, selecting, or searching—for playback to automate repetitive tasks.[33] Users initiate recording via the Macro menu, perform operations, then stop and save for repeated execution, with shortcuts like Ctrl+Shift+P for playback.[34] Macros are stored in configuration files, allowing persistence across sessions but limited to non-interactive actions.[35]Customization Options
Notepad++ provides extensive built-in customization through dedicated dialogs accessible via the Settings menu, enabling users to tailor the interface, behavior, and appearance to individual preferences.[36] The primary tools include the Preferences dialog for general and editing settings, the Style Configurator for visual theming and syntax styles, and the Shortcut Mapper for key bindings.[36] These options allow modifications without requiring plugins, though they integrate with the broader extensibility framework.[36] The Preferences dialog, accessed via Settings > Preferences (or Ctrl+Comma), organizes options into tabs such as General, Editing, New Document, and MISC. Users can adjust toolbar icon size (small, medium, or large), enable features like multi-editing with Ctrl+Click for multiple cursors, set default font and zoom levels, configure auto-completion behaviors, and toggle DirectWrite for improved text rendering on Windows.[36] Editing-specific settings include line wrapping modes, delimiter choices for virtual spaces, and word character definitions to refine selection behaviors.[36] Backup and autosave intervals are also customizable, with options for session snapshots and file change monitoring.[36] Visual customization occurs primarily in the Style Configurator (Settings > Style Configurator), which supports predefined themes like Default, Dark Mode, and others, alongside per-language adjustments for over 80 built-in languages.[36] Users can modify foreground/background colors, font faces (e.g., Consolas or Courier New), sizes, bold/italic attributes, and underline styles for elements like keywords, comments, operators, and numbers.[36] Global overrides apply uniform changes across all styles, such as default font or margins, while theme selection persists across sessions unless overridden by updates.[36] For unsupported formats, the User Defined Languages system (Languages > User Defined Language > Define Your Language) permits creating custom parsers with keyword lists, folding rules, operators, and delimiters, effectively extending syntax highlighting capabilities.[30] Keyboard shortcuts are remapped via the Shortcut Mapper (Settings > Shortcut Mapper), divided into Main Menu, Macros, Run, Plugins, and Scintilla sections, allowing conflicts to be resolved and new bindings assigned to commands like "Find Next" or macro playback.[36] Toolbar icons can be customized by editing the toolbaricons.xml file or using built-in options for visibility and size, supporting Fluent UI styles for modern Windows integration.[37] These features, introduced progressively since early versions and refined in updates like v8.0 (2019) for dark mode, emphasize user control over defaults without altering core functionality.[36]Internationalization Support
Notepad++ provides user interface localization through XML files that translate menus, dialogs, and other elements into various languages, selected via the Settings > Preferences > General > Localization menu. These files, derived from anenglish.xml template, support UTF-8 encoding and allow community contributors to create or edit translations by modifying attributes like menu names and accelerator keys, with submissions handled through GitHub pull requests.[38][39]
The application became Unicode-compliant in version 5.1, released on October 25, 2008, enabling support for Unicode paths and character display.[40][41] It handles multiple encodings, including ANSI, UTF-8 (with or without byte-order mark), UTF-16, UCS-2, and codepages such as BIG5, GB2312, and Shift JIS, with options to reinterpret or convert files between formats via the Encoding menu.[41] Version 5.1.1, released January 11, 2009, introduced runtime switching of localization languages in the Unicode build.[41]
For right-to-left (RTL) scripts, Notepad++ added explicit text direction controls in version 6.7 on December 7, 2014, with menu options for RTL and left-to-right (LTR) modes that apply without document reload, including synchronization with features like the Document Map.[41] Keyboard shortcuts such as Ctrl+Alt+R for RTL and Ctrl+Alt+L for LTR facilitate toggling, and UI localization files can specify RTL via attributes like RTL="yes" for languages such as Hebrew.[42] However, bidirectional text handling remains limited, with reported issues in editing complex RTL languages like Arabic, including cursor positioning errors and incomplete script joining, persisting in versions up to 8.6.[43][42]
Ecosystem and Extensibility
Plugin Architecture
Notepad++ implements extensibility through a plugin system utilizing dynamic-link libraries (DLLs), which integrate seamlessly to add features such as custom menus, toolbars, dockable panels, and advanced editing capabilities without altering the core application code.[44] Plugins reside in subdirectories under the main installation'splugins folder (e.g., plugins\MyPlugin\MyPlugin.dll), enabling automatic discovery and loading upon application startup or restart.[44] This directory structure isolates plugins, preventing conflicts, and supports both 32-bit and 64-bit variants matching Notepad++'s architecture.[44]
To ensure compatibility, Notepad++ invokes each plugin's exported isCompatible function, passing the application version string; plugins return a boolean indicating support, typically checking against major versions like 7.x or 8.x released since 2015.[45] Upon success, it calls setInfo, supplying an NppData structure containing window handles: the main Notepad++ window (_nppHandle), primary Scintilla editor (_scintillaMainHandle), and secondary view (_scintillaSecondHandle).[45] This initializes the plugin, allowing it to register menu items via a FuncItem array processed through Notepad++'s plugin manager, which assigns command IDs for user invocation.[45]
Inter-plugin and plugin-core communication relies on Windows API messaging. Plugins dispatch commands or retrieve data by sending messages via SendMessage to the _nppHandle, using predefined constants from Notepad_plus_msgs.h—for instance, NPPM_GETCURRENTBUFFERID (ID 2051) to query the active document or NPPM_SAVEALLFILES (ID 2063) to persist changes across tabs.[46] Notepad++ broadcasts events to plugins through WM_NOTIFY messages with NPPN_* notification codes (e.g., NPPN_BUFFERACTIVATED [ID 1010] for document switches), routed to plugin-registered windows or callbacks.[46] Direct editor manipulation occurs by obtaining Scintilla handles (e.g., via NPPM_GETCURRENTSCINTILLA [ID 2048]) and issuing Scintilla messages like SCI_GETTEXT for buffer content or SCI_SETSELECTION for cursor operations, leveraging the Scintilla API documented since version 1.77 integrated in Notepad++ v1.0 (2003).[46] Plugins may also create additional Scintilla instances using NPPM_CREATESCINTILLAHANDLE (ID 2044) for custom views.[46]
Development primarily targets C/C++ using Visual Studio templates that define exports, headers for message IDs, and boilerplate for menu integration and event handling.[45] For .NET languages like C#, templates employ attributes (e.g., via Unmanaged Exports library) to mimic native DLL exports, bridging managed code to the native API while handling marshaling for strings and handles.[47] Lexer plugins, for syntax extensions, export distinct functions like GetLexerCount and CreateLexer conforming to Scintilla's ILexer5 interface, introduced in Notepad++ v8.4 (2023).[44] The Python Script plugin (available since v0.1 in 2009) overlays a scripting layer, hosting Python modules as sub-plugins with access to similar APIs via wrapped objects, facilitating rapid prototyping without native compilation.[44]
This architecture promotes modularity but imposes dependencies on Windows messaging and Scintilla stability, with over 100 community-maintained plugins as of 2024 demonstrating its robustness for tasks from FTP integration to hex editing.[48] Compatibility breaks occur rarely, such as during Unicode transitions in v5.0 (2008) or 64-bit shifts in v7.6 (2018), requiring plugin updates.[49]
Community Contributions
The Notepad++ community actively develops and maintains plugins that extend the editor's functionality, with an official collection hosted on GitHub comprising dozens of third-party extensions for tasks such as FTP integration, spell-checking, and code snippets.[50] These plugins are integrated via the built-in Plugin Admin, which draws from a community-curated repository updated as of July 2025 to ensure compatibility with recent versions like 8.7.[51] Developers contribute new plugins or updates through dedicated forum sections, fostering innovations like custom lexers for niche languages.[48] Localization efforts rely on volunteer translators who update language files for over 80 languages, with recent contributions including full revisions for Hungarian compatible with version 8.7.1 as of October 2024.[52] These files are submitted via the community forum and incorporated into releases, enabling broad international adoption without official developer intervention.[53] Core codebase enhancements come from open-source contributions on GitHub, where users submit pull requests for bug fixes, features, and compatibility improvements; the repository guidelines emphasize quality to avoid integration issues, though many proposals are closed without merging due to maintainer discretion.[54] As of October 2025, the project has processed thousands of issues and pull requests since migrating to GitHub, with active discussions on contribution barriers like stringent review processes.[55] Community members also create User Defined Languages (UDLs) for syntax highlighting unsupported formats, shared via the official resources page.[56] The primary hub for collaboration is the Notepad++ Community Forum, launched to centralize support, development queries, and feedback, with categories dedicated to plugin building, translations, and general enhancements as of its ongoing activity in 2025.[57] This forum facilitates peer-reviewed contributions, reducing reliance on the lead developer while sustaining the project's evolution through distributed expertise.[58]Reception and Impact
Usage Statistics and Popularity
Notepad++ maintains substantial popularity as a lightweight text editor among developers, consistently ranking among the most utilized tools in annual surveys of programming professionals. In the 2025 Stack Overflow Developer Survey, 27.4% of over 65,000 respondents reported using it, placing it third behind Visual Studio Code (75.9%) and Visual Studio (29%), but ahead of IntelliJ IDEA (27.1%).[59] This follows similar trends in prior years, including 23.9% usage in 2024 and 24.54% in 2023, reflecting steady demand despite competition from more feature-heavy alternatives.[60][61] User satisfaction metrics further affirm its standing, with SourceForge hosting over 622 reviews averaging 4 out of 5 stars across ease of use, features, design, and support categories, the vast majority being five-star evaluations.[62] Industry adoption data indicates deployment in 42% of software development sectors and 43% of cloud services environments, per G2 analytics, underscoring its role in professional workflows requiring efficient syntax highlighting and plugin extensibility without resource overhead.[63] Although official total download counts are not published by the Notepad++ team, the editor's persistence since its 2003 debut—coupled with high visibility in developer ecosystems and open-source repositories—suggests a user base numbering in the tens of millions globally, driven by its free, GPL-licensed distribution and Windows-centric optimization.[1] Its exclusion from web-centric market share trackers like W3Techs, where it registers under 0.1% for content management associations, aligns with its primary utility as a desktop code editor rather than a server-side tool.[64]Comparisons to Alternatives
Notepad++ is frequently benchmarked against Visual Studio Code (VS Code) for its superior lightweight performance, with independent tests showing startup times up to 50 times faster and memory usage substantially lower due to its native C++ implementation avoiding Electron's overhead.[65][66] VS Code, while offering advanced IDE capabilities such as built-in debugging, terminal integration, and a marketplace exceeding 20,000 extensions as of 2024, demands higher system resources—often 200-500 MB RAM idle versus Notepad++'s under 50 MB—and slower initial loads on lower-end hardware.[67] Notepad++ prioritizes simplicity for quick text manipulations and regex operations, but lacks VS Code's native cross-platform support and collaborative features like Live Share.[68] Relative to Sublime Text, Notepad++ maintains a fully free, open-source model without license fees or evaluation nags, appealing to users avoiding proprietary software, while both editors achieve near-instantaneous file loading for files under 2 GB.[69] Sublime Text edges in multi-selection editing and command palette efficiency for power users, but Notepad++ provides broader default syntax support for over 80 languages and easier plugin management via its integrated admin tool, without requiring paid upgrades for core functionality.[70][71] Sublime's cross-platform native builds contrast with Notepad++'s Windows-centric design, though the latter runs adequately on Linux via Wine emulation. Vim stands out as a terminal-based alternative emphasizing modal editing for rapid, keyboard-only workflows, outperforming Notepad++ in resource efficiency on constrained environments like remote servers, where it uses mere kilobytes of RAM versus Notepad++'s megabytes.[72] Notepad++ counters with an intuitive GUI, automatic syntax highlighting without manual configuration, and tabbed multi-document interface, reducing the steep learning curve of Vim's vi-compatible commands.[73] Vim's ubiquity across Unix-like systems and extensibility through scripts enable server-side editing without graphical dependencies, but it requires add-ons like vim-plug for features Notepad++ includes natively, such as split views and autocomplete.[74]| Aspect | Notepad++ | VS Code | Sublime Text | Vim |
|---|---|---|---|---|
| Resource Usage | Low (idle ~30-50 MB RAM)[66] | High (idle 200+ MB due to Electron)[65] | Low (similar to Notepad++)[70] | Minimal (~1-5 MB)[72] |
| Startup Time | Near-instant[18] | 1-5 seconds on average hardware[65] | Near-instant[70] | Instant (terminal-based)[72] |
| Extensibility | Plugins (~100 community) via admin[75] | Vast marketplace (20,000+ extensions)[67] | Packages via Package Control[69] | Scripts/plugins (e.g., vim-plug)[73] |
| Platform | Native Windows; emulated elsewhere | Native cross-platform[68] | Native cross-platform[70] | Ubiquitous (terminal)[74] |
| Cost | Free, open-source[69] | Free, proprietary[67] | $99 license (nagware trial)[76] | Free, open-source[72] |
Strengths and Limitations
Notepad++ excels in resource efficiency, consuming minimal memory and CPU compared to fuller-featured integrated development environments (IDEs), enabling smooth performance even with large files exceeding several gigabytes.[77][78] Its free, open-source licensing under the GPL allows unrestricted use and modification, contributing to widespread adoption among developers for quick editing tasks without licensing costs.[79][80] The editor's plugin architecture extends functionality, supporting additions for tasks like version control integration, advanced search tools, and language-specific tools, which users frequently highlight as a key advantage for customization without bloating the core application.[81] Syntax highlighting for over 80 programming languages, combined with features like multi-tabbed interface, regex-based find-and-replace, and macro recording, facilitates efficient code review and lightweight scripting.[79] Portability options, including a standalone executable version, further enhance its utility for users needing deployment across machines without installation.[79] Despite these strengths, Notepad++'s user interface remains rooted in an older design paradigm, lacking modern elements like dark mode consistency or intuitive ribbon menus found in contemporaries, which some reviewers note as visually dated and less ergonomic for prolonged use.[78] It is primarily optimized for Windows, with no native support for macOS or Linux, requiring workarounds like Wine emulation on non-Windows systems, limiting accessibility for cross-platform workflows.[82] While extensible, the reliance on third-party plugins can introduce compatibility issues or instability, particularly after updates, and it falls short as a full IDE for complex projects needing built-in debugging, refactoring, or project management.[77] Keyboard shortcuts, though customizable, often deviate from standard conventions, complicating muscle memory for users transitioning from other tools.[81]Controversies
Political Messaging in Release Notes
Don Ho, the lead developer of Notepad++, has incorporated political statements into several release announcements and version titles since at least 2008, often expressing solidarity with causes opposing authoritarian governments or supporting democratic movements.[83] These messages typically appear in blog posts accompanying updates on the official Notepad++ website, reflecting Ho's Taiwanese background and concerns over issues like human rights abuses in China and geopolitical conflicts.[84] For instance, in October 2019, version 7.8.1 was titled "Free Uyghur," with Ho's release note highlighting the internment of hundreds of thousands of Uyghurs in Chinese camps and calling for their release. This prompted backlash, including spam attacks on the project's GitHub repository from apparent Chinese nationalists.[85] Following Russia's 2022 invasion of Ukraine, Ho issued statements in multiple releases affirming support for Ukraine, such as version 8.8 in April 2022 and version 8.8.1 on May 5, 2025, explicitly titled "We are with Ukraine."[86] He announced that Notepad++ would cease distribution to users in Russia and Belarus, urging those in those countries to uninstall the software, framing it as a boycott against aggression.[87] Ho clarified that no IP blocks were implemented but emphasized ethical non-support for the regimes involved, leading to user complaints and calls for neutrality in software development.[88] Other examples include version 8.3 in February 2022, subtitled "(Boycott Beijing 2022)" in protest of the Winter Olympics hosted by China amid human rights criticisms.[89] More recently, in December 2024, a release was named "In a world of Elon, be a Zelensky," critiquing Elon Musk while praising Ukrainian President Volodymyr Zelenskyy, and another announced Ho's departure from the X platform (formerly Twitter).[90] These inclusions have sparked GitHub issues and forum discussions requesting apolitical release notes, with critics arguing they alienate users and politicize a neutral tool, though Ho maintains them as exercises of free speech.[91] Supporters view the statements as principled stands against oppression, but they have contributed to boycotts and forks by dissenting users.[92]Security Vulnerabilities
Notepad++ has encountered several reported security vulnerabilities, primarily affecting its installer and plugin loading mechanisms, though the software's open-source nature allows for community auditing and rapid patching. A notable privilege escalation flaw, designated CVE-2025-49144, was identified in the installer for versions up to 8.8.1, enabling unprivileged users to achieve SYSTEM-level access via insecure executable search paths that permitted binary planting of malicious files like regsvr32.exe alongside the installer.[93] [94] This local exploit, with a CVSS score of 7.8, was mitigated in version 8.8.2 released shortly after disclosure on June 23, 2025.[93] Another reported issue, CVE-2025-56383, involved potential DLL hijacking in version 8.8.3 and persisted in later releases up to 8.8.5, where attackers could replace plugin-related DLLs to execute arbitrary code upon application launch, carrying a disputed CVSS score of 8.4.[95] A proof-of-concept exploit was published on September 26, 2025, highlighting risks of code execution and malware persistence if users placed malicious files in accessible directories.[96] However, Notepad++ developers contested its validity in an October 7, 2025, release note for version 8.8.6, arguing it misclassifies standard Windows DLL search behavior under CWE-427 and requires user-writable paths not inherently controlled by the application, effectively rendering it a non-vulnerability without social engineering.[97]| CVE ID | Description | Affected Versions | CVSS Score | Status |
|---|---|---|---|---|
| CVE-2025-49144 | Installer privilege escalation via binary planting | ≤8.8.1 | 7.8 | Patched in 8.8.2 |
| CVE-2025-56383 | DLL hijacking in plugin loading | 8.8.3–8.8.5 | 8.4 (disputed) | Disputed; clarified in 8.8.6 |