{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-53000","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-06-24T03:50:36.795Z","datePublished":"2025-12-17T20:27:59.578Z","dateUpdated":"2026-02-18T18:36:34.309Z"},"containers":{"cna":{"title":"nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows","problemTypes":[{"descriptions":[{"cweId":"CWE-427","lang":"en","description":"CWE-427: Uncontrolled Search Path Element","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":8.5,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvf","tags":["x_refsource_CONFIRM"],"url":"https://github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvf"},{"name":"https://github.com/jupyter/nbconvert/issues/2258","tags":["x_refsource_MISC"],"url":"https://github.com/jupyter/nbconvert/issues/2258"},{"name":"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71","tags":["x_refsource_MISC"],"url":"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71"},{"name":"https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104","tags":["x_refsource_MISC"],"url":"https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104"},{"name":"https://github.com/jupyter/nbconvert/releases/tag/v7
.17.0","tags":["x_refsource_MISC"],"url":"https://github.com/jupyter/nbconvert/releases/tag/v7.17.0"},{"name":"https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports","tags":["x_refsource_MISC"],"url":"https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports"}],"affected":[{"vendor":"jupyter","product":"nbconvert","versions":[{"version":"< 7.17.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-02-18T18:36:34.309Z"},"descriptions":[{"lang":"en","value":"The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create an `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user on a Windows platform runs `jupyter nbconvert --to pdf` from the directory containing that file, on a notebook containing SVG output, the `inkscape.bat` file is run unexpectedly, because the search path used to locate the Inkscape executable is uncontrolled (CWE-427). This issue has been patched in version 7.17.0."}],"source":{"advisory":"GHSA-xm59-rqc7-hhvf","discovery":"UNKNOWN"}},"adp":[{"references":[{"url":"https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-17T20:43:43.579788Z","id":"CVE-2025-53000","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-18T15:09:46.627Z"}}]}}