CVE-2025-53000

Exploit

EPSS 0.01%
Veröffentlicht 17.12.2025 20:27:59
Zuletzt bearbeitet 18.02.2026 19:21:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jupyter ≫ Nbconvert SwPlatformpython Version <= 7.16.6

Microsoft ≫ Windows Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	8.5	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports

Third Party Advisory

Exploit

https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104

https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71

https://github.com/jupyter/nbconvert/issues/2258

https://github.com/jupyter/nbconvert/releases/tag/v7.17.0

https://github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvf

https://nvd.nist.gov/vuln/detail/CVE-2025-53000

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-53000

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-53000

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-53000