Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability
Notepad++ has released version 8.9.3. This latest update delivers critical security patches, introduces structural performance enhancements, and resolves persistent crash issues. This update...
Notepad++ has released version 8.9.3. This latest update delivers critical security patches, introduces structural performance enhancements, and resolves persistent crash issues.
This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s auto-update mechanism against documented vulnerabilities.
Notepad++ v8.9.3 Release
The most notable security implementation in version 8.9.3 is the remediation of a vulnerability within the application’s auto-updater framework.
The development team has updated the cURL component in WinGUp to version 8.19.0, mitigating a specific security issue, CVE-2025-14819.
Additionally, this release resolves an unintended privilege escalation bug introduced in prior versions. Previously, installing or removing a plugin caused Notepad++ to inadvertently relaunch with permanent administrative privileges. This regression has been successfully patched, ensuring the application adheres to standard user privilege limits during routine plugin management.
| Vulnerability / Issue | Component Affected | Resolution |
|---|---|---|
| CVE-2025-14819 | WinGUp Auto-Updater | Updated embedded cURL to v8.19.0 |
| Admin Privilege Bug | Plugin Manager | Prevented permanent admin rights upon N++ restart |
| MITM Update Failure | Network / Updater | Fixed plugin and update downloads behind corporate proxies |
Core Upgrades and Crash Issues
To optimize the performance of reading and writing configuration files, Notepad++ has been steadily migrating from TinyXML to the newer pugixml parser over recent updates. Version 8.9.3 marks the completion of this structural overhaul.
Alongside the performance boost, developers have squashed several regressions stemming from this transition, including localized Workspace text errors and incorrect text displays for non-UTF8 documents.
The core components driving the text editor’s interface have also received substantial upgrades, with Scintilla updating to version 5.6.0 and Lexilla advancing to version 5.4.7.
System stability remains a primary focus in this deployment. The engineering team has successfully isolated and fixed a long-standing defect where initiating a print job caused the entire application to crash.
Similar fatal errors involving User Defined Languages (UDL) have been corrected. Furthermore, a memory leak occurring upon application exit has been sealed, preventing resource degradation during prolonged development sessions.
System administrators managing enterprise deployments gain valuable new controls in this release. The introduction of the disableNppAutoUpdate.xml file allows IT teams to explicitly disable auto-updates even when the WinGUp executable is present.
A secondary protective enhancement prevents XML configuration files from being inadvertently overwritten when updating portable packages via standard copy-and-paste methods.
Other notable fixes include resolving an issue where “Find in Files” failed to search file content on disk, stopping Notepad++ from spawning redundant Windows Explorer processes in Task Manager, and adding native Autocompletion and Function List support for the D programming language.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.