nbconvert has an uncontrolled search path that leads to unauthorized...

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. As of time of publication, no known patches exist.

AI Analysis

Uncontrolled search path vulnerability in nbconvert on Windows, allowing unauthorized code execution when converting notebooks to PDF

Basic Information

ID CVE-2025-53000

Source GitHub_M

Published Dec 17, 2025 at 20:27

Affected Product

Vendor jupyter

Product nbconvert

Affected Versions jupyter nbconvert 0

CWE Classification

CWE-427

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Project Jupyter

Product nbconvert

Version up to 7.16.6

References

www.imperva.com /blog/code-execution-in-jupyter-notebook-exports

{
    "lastseen": "",
    "description": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. As of time of publication, no known patches exist.",
    "published": "2025-12-17T20:27:59.578Z",
    "modified": "2025-12-17T20:27:59.578Z",
    "type": "cve",
    "title": "nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows",
    "source": "GitHub_M",
    "references": "https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports",
    "id": "CVE-2025-53000",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "jupyter nbconvert 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "nbconvert",
    "version": "0",
    "vendor": "jupyter",
    "ai_description": "Uncontrolled search path vulnerability in nbconvert on Windows, allowing unauthorized code execution when converting notebooks to PDF",
    "ai_severity": "High",
    "ai_vendor": "Project Jupyter",
    "ai_product": "nbconvert",
    "ai_version": "up to 7.16.6",
    "ai_score": 8.5
}

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows_CVE-2025-53000