CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Severity: Low

Fixed in v8.12.0
Reference: https://curl.se/docs/CVE-2025-0167.html

Vulnerable in current Notepad++ (v8.8.1 32-bit):
Path: C:\Program Files (x86)\Notepad++\updater\libcurl.dll
Version: 8.10.1.0

Our enterprise vulnerability scanners are not happy about this. :)