CVE-2025-15556: Notepadpp Wingup Missing Cert Verification

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | cpp
greprules fetch cve-2025-15556-notepadpp-wingup-missing-cert-verification --engine opengrep

Description

The application invokes the WinGUp updater without explicitly enforcing cryptographic signature checks. An attacker in a privileged network position could intercept the HTTP(S) update request and serve a malicious executable payload, leading to arbitrary code execution. Ensure that '-chkCertSig=yes' is passed.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
