Notepad++ 8.9.3 Patches Critical cURL Vulnerability and Crash Issues
Key Takeaways Notepad++ has released version 8.9.3, a critical update addressing security vulnerabilities and stability issues. The update patches CVE-2025-14819 in the WinGUp auto-updater, stemming...
Key Takeaways
- Notepad++ has released version 8.9.3, a critical update addressing security vulnerabilities and stability issues.
- The update patches CVE-2025-14819 in the WinGUp auto-updater, stemming from an outdated cURL component.
- A privilege escalation bug, which caused Notepad++ to relaunch with permanent administrative rights after plugin management, has been resolved.
- Significant performance enhancements include the completion of the transition to the
pugixmlparser and updates to core editor components. - Users are strongly advised to update to version 8.9.3 immediately to secure their systems and benefit from improved stability.
Notepad++ Fortifies Security and Stability with Version 8.9.3 Release
Notepad++, the widely-used open-source text editor, has rolled out version 8.9.3, delivering crucial security patches, significant performance enhancements, and fixes for persistent application crashes. This latest iteration marks a pivotal update, addressing several regressions and bolstering the application’s resilience against potential exploits.
Table Of Content
The update finalizes the text editor’s architectural shift to an optimized XML parser, resolving multiple recent software regressions. Concurrently, the release strengthens the application’s auto-update mechanism, mitigating documented vulnerabilities that could otherwise compromise the integrity of updates.
Critical Security Patches and Privilege Fixes
A primary focus of the 8.9.3 release is the remediation of a critical vulnerability identified within the application’s auto-updater framework. The development team has updated the embedded cURL component in WinGUp to version 8.19.0, directly addressing CVE-2025-14819, a specific security issue that could potentially be exploited.
Furthermore, this release rectifies an unintended privilege escalation flaw present in previous versions. This bug caused Notepad++ to inadvertently restart with permanent administrative privileges after installing or removing a plugin. The development team has successfully patched this regression, ensuring the application operates within standard user privilege boundaries during routine plugin management activities.
System administrators will also find enhanced controls for managing enterprise deployments. A new disableNppAutoUpdate.xml file has been introduced, allowing IT teams to explicitly disable auto-updates, even when the WinGUp executable is present on the system. Another protective measure prevents XML configuration files from being unintentionally overwritten when updating portable packages via standard copy-and-paste methods.
Core Upgrades and Crash Resolutions
To enhance the efficiency of configuration file operations, Notepad++ has been in the process of migrating from the older TinyXML parser to the more modern pugixml parser. Version 8.9.3 signifies the completion of this structural overhaul, promising improved performance for reading and writing configuration data.
This transition, while beneficial, had introduced several regressions, including localized Workspace text errors and incorrect display of text in non-UTF8 documents. These issues have been thoroughly addressed and resolved in the new update. The core components underpinning the text editor’s interface have also received substantial upgrades, with Scintilla advancing to version 5.6.0 and Lexilla updating to version 5.4.7.
Stability improvements are a significant aspect of this release. Engineers have successfully identified and fixed a long-standing defect that caused the application to crash when initiating a print job. Similar fatal errors related to User Defined Languages (UDL) have also been corrected. Additionally, a memory leak that occurred upon application exit has been sealed, preventing resource degradation during extended development sessions.
Other notable fixes include resolving an issue where “Find in Files” failed to search file content on disk, preventing Notepad++ from spawning redundant Windows Explorer processes in Task Manager, and adding native Autocompletion and Function List support for the D programming language. For a comprehensive list of changes, users can refer to the official Notepad++ release notes.
What You Should Do
- Immediate Update: All Notepad++ users are strongly advised to update to version 8.9.3 without delay to patch critical vulnerabilities and benefit from stability improvements.
- Verify Update: After updating, confirm that your Notepad++ installation is indeed running version 8.9.3.
- Review Enterprise Policies: System administrators should review the new
disableNppAutoUpdate.xmlfeature to align with organizational update policies and ensure controlled deployments. - Backup Configurations: Before any major update, especially in portable installations, consider backing up your Notepad++ configuration files to prevent accidental data loss.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.