CVE-2025-53000

EUVD-2025-203957

17.12.2025, 21:16

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
jupyter	nbconvert	𝑥 ≤ 7.16.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

nbconvert

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored
questing	needs-triage

Known Exploits!

Common Weakness Enumeration

CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104

https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71

https://github.com/jupyter/nbconvert/issues/2258

https://github.com/jupyter/nbconvert/releases/tag/v7.17.0

https://github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvf

https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports

https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports