• Skip to Content
  • Skip to Main Navigation
  • Skip to Search

Indiana University Indiana University IU

Open Search
  • Personal Preparedness
    • Email & phishing scams
    • Identity verification
    • IU passphrases
    • Hardware & software security
      • Laptop & mobile device security
      • Malware, scareware, & ransomware
      • Wearable technologies
      • Use of survey software
    • File sharing & copyright
      • Contesting copyright infringement notices
      • Disabling peer-to-peer file sharing
      • Copyright tutorial
      • Copyright infringement incident resolution
    • Vulnerability Disclosure Guidance
    • Keeping data safe
    • Web privacy
    • Account privileges
    • Remote Desktop
  • Information & IT Policies
    • Policy Hierarchy
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • IT-12 Security Standards
  • Information Security & Privacy Program
    • Scope
    • Goals & Objectives
    • Governance
    • Principles
    • Safeguards
      • Risk assessment and treatment
      • Policy administration
      • Organization
      • Asset management
      • Human resources
      • Physical & environmental security
      • Communications & operations management
      • Identity & access control
      • Information systems acquisition, development, and maintenance
      • Incident management
      • Business continuity management
      • Compliance
    • Charter
  • Resources for IT Staff
    • Information security best practices
    • SSL/TLS certificates
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • CIS Secure Suite
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
      • Privacy Notice Generator
      • Incident Response Webservice
  • About
    • Glossary of Terms
    • Trustees Resolution
  • Contact
  • Report an Incident
    • Report Privacy Incident or Request Assistance
    • Emergency IT Incidents
    • Managing Incidents
    • Identity Theft
    • Reporting Suspected Sensitive Data Exposures
    • Reporting Suspected HIPAA Data Exposures

Information Security & Policy

  • Home
  • Personal Preparedness
    • Email & phishing scams
    • Identity verification
    • IU passphrases
    • Hardware & software security
    • File sharing & copyright
    • Vulnerability Disclosure Guidance
    • Keeping data safe
    • Web privacy
    • Account privileges
    • Remote Desktop
  • Information & IT Policies
    • Policy Hierarchy
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • IT-12 Security Standards
  • Information Security & Privacy Program
    • Scope
    • Goals & Objectives
    • Governance
    • Principles
    • Safeguards
    • Charter
  • Resources for IT Staff
    • Information security best practices
    • SSL/TLS certificates
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • CIS Secure Suite
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
  • Search
  • About
  • Contact
  • Report an Incident
  • Home
  • Security Bulletins
  • Notepad++ Remote Access Tool Vulnerability

Notepad++ Remote Access Tool Vulnerability

Monday, February 02, 2026

Background

On February 2, 2026, a critical security vulnerability affecting Notepad++ was identified. This exploit allowssoftware updates to be intercepted and redirected to deliver a remote access tool (RAT), now identified as Chrysalis.

Impact

Chrysalis provides operators with full remote access, including command execution, file manipulation, and secondary payload deployment.

Platforms Affected

This vulnerability is present in all versions of Notepad++ prior to v8.8.9. Systems with Notepad++ installed that were active between June–December 2025 should receive patching focus. 

Local Observations

The University Information Security Office has taken protective measures in concert with Endpoint Management Services (EMS), which include pushing updates to all centrally managed devices to mitigate risk. 

UISO Recommendations

System administrators for devices running Notepad++ v8.8.9 and earlier should upgrade all existing Notepad++ installations to v8.9.1 or later, using a manually verified installer.

If immediate patching is not possible, disable WinGUp (gup.exe) auto-update functionality going forward.

Resources

  1. CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15556

  2. Patch Downloads https://notepad-plus-plus.org/downloads/

Information Security & Policy resources

  • Leading in Cybersecurity
  • IU Data Management

Indiana University

Accessibility | College Scorecard | Open to All | Privacy Notice | Copyright © 2026 The Trustees of Indiana University