CVE-2025-52938

Summary

Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C.

This issue affects NotepadNext: through v0.11.

The singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Affected Software

VendorProductVersion RangeStatus
dail8859NotepadNext0 <= v0.11affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References