CVE-2025-52939 - Vulnerability Details - OpenCVE

Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://github.com/dail8859/NotepadNext/commit/3e928d91b8fc8bb5c77801ee8652f41e98d12571
https://github.com/dail8859/NotepadNext/pull/757/files

History

Mon, 23 Jun 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 23 Jun 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11.
Title		Potential heap-buffer overflow vulnerability in NotepadNext
Weaknesses		CWE-787
References		https://github.com/dail8859/NotepadNext/commit/3e928d91b8fc8bb5c77801ee8652f41e98d12571 https://github.com/dail8859/NotepadNext/pull/757/files
Metrics		cvssV4_0 `{'score': 9.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published: 2025-06-23T09:26:56.917Z

Updated: 2025-06-23T12:34:13.199Z

Reserved: 2025-06-23T09:24:36.336Z

Link: CVE-2025-52939

Vulnrichment

Updated: 2025-06-23T12:34:03.775Z

NVD

Status : Awaiting Analysis

Published: 2025-06-23T10:15:28.007

Modified: 2025-06-23T20:16:21.633

Link: CVE-2025-52939

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52939", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2025-06-23T09:24:36.336Z", "datePublished": "2025-06-23T09:26:56.917Z", "dateUpdated": "2025-06-23T12:34:13.199Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["src/lua/src"], "product": "NotepadNext", "programFiles": ["ldebug.c", "lvm.c"], "repo": "https://github.com/dail8859/NotepadNext", "vendor": "dail8859", "versions": [{"lessThanOrEqual": "v0.11", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules).<p> This vulnerability is associated with program files <tt>ldebug.C</tt>, <tt>lvm.C</tt>.</p><p>This issue affects NotepadNext: through v0.11.</p>"}], "value": "Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.\n\nThis issue affects NotepadNext: through v0.11."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-06-23T09:26:56.917Z"}, "references": [{"tags": ["patch", "third-party-advisory"], "url": "https://github.com/dail8859/NotepadNext/pull/757/files"}, {"tags": ["patch"], "url": "https://github.com/dail8859/NotepadNext/commit/3e928d91b8fc8bb5c77801ee8652f41e98d12571"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential heap-buffer overflow vulnerability in NotepadNext", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T12:31:43.227816Z", "id": "CVE-2025-52939", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T12:34:13.199Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52939", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-23T12:31:43.227816Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T12:34:03.775Z"}}], "cna": {"title": "Potential heap-buffer overflow vulnerability in NotepadNext", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 9.4, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/dail8859/NotepadNext", "vendor": "dail8859", "modules": ["src/lua/src"], "product": "NotepadNext", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "v0.11"}], "programFiles": ["ldebug.c", "lvm.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/dail8859/NotepadNext/pull/757/files", "tags": ["patch", "third-party-advisory"]}, {"url": "https://github.com/dail8859/NotepadNext/commit/3e928d91b8fc8bb5c77801ee8652f41e98d12571", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.\n\nThis issue affects NotepadNext: through v0.11.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules).<p> This vulnerability is associated with program files <tt>ldebug.C</tt>, <tt>lvm.C</tt>.</p><p>This issue affects NotepadNext: through v0.11.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-06-23T09:26:56.917Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52939", "state": "PUBLISHED", "dateUpdated": "2025-06-23T12:34:13.199Z", "dateReserved": "2025-06-23T09:24:36.336Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2025-06-23T09:26:56.917Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.\n\nThis issue affects NotepadNext: through v0.11."}], "id": "CVE-2025-52939", "lastModified": "2025-06-23T20:16:21.633", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2025-06-23T10:15:28.007", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/dail8859/NotepadNext/commit/3e928d91b8fc8bb5c77801ee8652f41e98d12571"}, {"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/dail8859/NotepadNext/pull/757/files"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}