Two confirmed critical vulnerabilities in Notepad++ for Windows have been patched: CVE-2025-15556 and CVE-2025-49144, both enabling potential arbitrary code execution or privilege escalation. A third CVE referenced in coverage could not be confirmed from available sources. EPSS for CVE-2025-15556 is 0.061 at the 90th percentile; no confirmed exploitation in the wild at time of analysis.