CVE-2025-53000: Uncontrolled Search Path Element in Nbconvert

Severity: 8.5 HIGH (NVD)
EPSS: 0.0% (top 96.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 17; Latest update Dec 18

Description

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create an `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (4 packages)

Source: CVEListV5 | Package: jupyter/nbconvert | Affected: < 7.17.0
Source: PyPI | Package: jupyter/nbconvert | Affected: < 7.17.0
Source: NVD | Package: jupyter/nbconvert | Affected: 7.16.6

Vulnerability Details (4)

GHSA: nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows (2025-12-18)
OSV: nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows (2025-12-18)
OSV: CVE-2025-53000: The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates (2025-12-17)

Vendor Advisories (2)

Red Hat: nbconvert: Arbitrary code execution via malicious SVG to PDF conversion on Windows (2025-12-17)
Debian: CVE-2025-53000: nbconvert - The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various oth... (2025)

Threat Intelligence (1)

Wiz: CVE-2025-53000 Impact, Exploitability, and Mitigation Steps | Wiz