CVE-2025-49144

This repository contains a functional proof-of-concept exploit for CVE-2025-49144, a local privilege escalation vulnerability in Notepad++ installers prior to v8.8.2. The exploit leverages an uncontrolled search path to execute a malicious regsvr32.exe with SYSTEM privileges during installation.

This repository contains a functional exploit for CVE-2025-49144, targeting Notepad++ 8.8.1 installer. The exploit generates a malicious `regsvr32.exe` that injects shellcode into a remote `notepad.exe` process, leveraging a vulnerability in the installer's execution context.

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.

The repository claims to provide a PoC for CVE-2025-49144 but lacks technical details about the vulnerability. Instead, it directs users to download a ZIP file from an external source, which is a common tactic for distributing malware or fake exploits.

This repository contains a functional exploit for CVE-2025-49144, demonstrating a binary planting vulnerability in Notepad++ installers. The exploit leverages a malicious `regsvr32.exe` to achieve SYSTEM-level privilege escalation via token impersonation and reverse shell execution.

This repository contains a functional exploit for CVE-2025-49144, which leverages token duplication to escalate privileges to SYSTEM via winlogon.exe. The PoC spawns a reverse shell with SYSTEM privileges by duplicating the winlogon token and creating a new process with elevated permissions.

The PoC exploits a DLL hijacking vulnerability in an installer by placing a malicious 'regsvr32.exe' in the working directory, which is executed due to unquoted PATH handling. The payload is a C#-based file write operation converted to shellcode and executed via a C loader.

This repository contains a functional exploit for CVE-2025-49144, a local privilege escalation vulnerability in Notepad++ 8.8.1 due to an uncontrolled executable search path. The exploit leverages a crafted regsvr32.exe to escalate privileges during the installation process.

The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code, technical details, or additional context.

The repository contains functional exploit code for CVE-2025-49144, demonstrating a local privilege escalation (LPE) via execution of a malicious installer. The code removes the 'Mark of the Web' to bypass security warnings and executes the installer with elevated privileges.

This repository provides a detailed technical analysis of CVE-2025-49144, a local privilege escalation vulnerability in Notepad++ v8.8.1 and prior versions. The vulnerability arises from uncontrolled executable search path behavior during installation, allowing an attacker to gain SYSTEM privileges by placing a malicious regsvr32.exe in the same directory as the installer.