DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2025-53000

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-53000

Severity

Unknown

Summary

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Description

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a notebook containing SVG output to a PDF on a Windows platform from this directory, the inkscape.bat file is run unexpectedly. As of time of publication, no known patches exist.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-53000
  • https://github.com/advisories/GHSA-xm59-rqc7-hhvf
  • https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53000.json
  • https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal