QwikSec

Security Database

CVE

CWE

Training

CVE-2025-52938

Published: Jun 23, 2025

Modified: Jun 23, 2025

PUBLISHED

Description

Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects NotepadNext: through v0.11. The singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Vendor	Product	Versions
dail8859	NotepadNext	affected `0 - <= v0.11`

Weaknesses (CWE)

References

https://github.com/dail8859/NotepadNext/pull/756

patch

third-party-advisory

https://github.com/dail8859/NotepadNext/commit/66b8a97d9fdfd2257996875716f39c18d84e004f

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.