CVE-2025-53000
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
jupyter · nbconvertWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71https://github.com/jupyter/nbconvert/issues/2258https://github.com/jupyter/nbconvert/releases/tag/v7.17.0https://github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvfhttps://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports