AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 11, 2026CVE-2025-15556

Summary

Notepad++ has a vulnerability in its WinGUp updater where downloaded updates are not checked for authenticity (integrity check, a process that verifies a file hasn't been tampered with). An attacker could intercept update traffic and trick users into downloading and running malicious code, giving the attacker the same permissions as the user. This vulnerability is currently being exploited in real attacks.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 4.3%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-494

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-15556

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 95%