Medium severityOSV Advisory· Published Jun 23, 2025· Updated Apr 15, 2026

CVE-2025-52938

Description

Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C.

This issue affects NotepadNext: through v0.11.

The singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Affected products

Dail8859/NotepadnextOSV
Range: v0.1, v0.10, v0.11, …

Patches

66b8a97d9fdf

https://github.com/dail8859/notepadnextvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/dail8859/NotepadNext/commit/66b8a97d9fdfd2257996875716f39c18d84e004fnvd
github.com/dail8859/NotepadNext/pull/756nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000