CVE-2025-52939 — Out-of-bounds Write in Notepadnext

CWE-787 — Out-of-bounds Write CWE-476 — NULL Pointer Dereference4 documents3 sources

Severity

9.4CRITICALNVD

EPSS

0.1%

top 70.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dail8859 Notepadnext Msrc Cbl2 Ceph 16.2.10-7 ON CBL Mariner 2.0 Msrc Cbl2 Ceph 16.2.10-8 ON CBL Mariner 2.0 +3 more

Timeline

PublishedJun 23

Description

Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N

Affected Packages6 packages

▶CVEListV5dail8859/notepadnextv0.11

▶msrcmsrc/cbl2_ceph_16.2.10-7_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_ceph_16.2.10-8_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-hhj4-3c38-ppmf: Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules)↗2025-06-23

▶

📋Vendor Advisories

Microsoft

Potential heap-buffer overflow vulnerability in NotepadNext↗2025-06-10

▶

Microsoft

mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()↗2025-03-11

▶