CVE-2025-53000

Source
https://cve.org/CVERecord?id=CVE-2025-53000
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53000.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53000
Aliases
Downstream
Related
Published
2025-12-17T20:27:59.578Z
Modified
2026-03-14T12:45:01.587705Z
Severity
  • 8.5 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
Details

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create an inkscape.bat file that defines a Windows batch script capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a notebook containing SVG output on a Windows platform from the directory containing that file, the inkscape.bat file is run unexpectedly. This issue has been patched in version 7.17.0.

Database specific
{
    "cwe_ids": [
        "CWE-427"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53000.json"
}
References

Affected packages

Git / github.com/jupyter/nbconvert

Affected ranges

Type
GIT
Repo
https://github.com/jupyter/nbconvert
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*
4.0.0
4.1.0
4.2.0
4.3.0
5.*
5.0.0
5.1
5.1.0
5.1.1
5.2.1
5.3.0
5.3.1
5.4
5.4.1
5.5
5.5.0
5.6.0
5.6.1
6.*
6.0.0
6.0.0a0
6.0.0a1
6.0.0a2
6.0.0a3
6.0.0a4
6.0.0a5
6.0.0a6
6.0.0b7
6.0.0rc0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.7
6.1.0
6.1.0rc0
6.1.1b0
6.2.0
6.2.0rc0
6.2.0rc1
6.2.0rc2
6.3.0
6.3.0b0
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.5
6.5.0
7.*
7.0.0
7.0.0rc0
7.0.0rc1
7.0.0rc2
7.0.0rc3
7.1.0
v7.*
v7.10.0
v7.11.0
v7.12.0
v7.13.0
v7.13.1
v7.14.0
v7.14.1
v7.14.2
v7.15.0
v7.16.0
v7.16.1
v7.16.2
v7.16.3
v7.16.4
v7.16.5
v7.16.6
v7.2.0
v7.2.1
v7.2.10
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.2.6
v7.2.7
v7.2.8
v7.2.9
v7.3.0
v7.3.1
v7.4.0
v7.5.0
v7.6.0
v7.7.0
v7.7.1
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.9.0
v7.9.1
v7.9.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53000.json"