CVE-2025-53000
The nbconvert tool, `jupyter nbconvert`, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can place an `inkscape.bat` file, a Windows batch script capable of arbitrary code execution, in a directory. When a user runs `jupyter nbconvert --to pdf` from that directory on a Windows platform against a notebook containing SVG output, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.
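As an added illustration (this is not nbconvert's own code or its fix; the directories, tool names and planted file are constructed for the demo), a defensive pattern for this class of bug: resolve the external converter only from pinned absolute directories, never from the working directory, and check the notebook's directory for script wrappers named after the tool before converting.

```python
import os
import tempfile
from pathlib import Path

# Script extensions Windows will run in place of a real binary when they come
# first on the lookup path (CVE-2025-53000 abused a planted inkscape.bat).
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".ps1", ".vbs"}


def resolve_converter(name, trusted_dirs):
    """Locate `name` only in explicit absolute directories, never in the cwd.

    A bare subprocess.run(["inkscape", ...]) lets Windows search the working
    directory before PATH; pinning the lookup removes that search entirely.
    """
    for directory in map(Path, trusted_dirs):
        if not directory.is_absolute():
            raise ValueError(f"trusted directory must be absolute: {directory}")
        for candidate in (directory / name, directory / f"{name}.exe"):
            if candidate.is_file():
                return candidate.resolve()
    raise FileNotFoundError(f"{name!r} not found in trusted directories")


def find_wrapper_hijacks(directory, tool_names):
    """Pre-conversion check: script files in `directory` named like a converter tool."""
    wanted = {n.lower() for n in tool_names}
    return sorted(
        entry for entry in Path(directory).iterdir()
        if entry.is_file()
        and entry.stem.lower() in wanted
        and entry.suffix.lower() in SCRIPT_EXTENSIONS
    )


def build_demo():
    """Constructed layout (an assumption, not real data): a notebook directory with
    a planted inkscape.bat, plus a trusted install dir holding a stand-in inkscape."""
    root = Path(tempfile.mkdtemp(prefix="nbconvert-demo-"))
    notebook_dir, trusted_dir = root / "notebooks", root / "Inkscape" / "bin"
    notebook_dir.mkdir()
    trusted_dir.mkdir(parents=True)
    (notebook_dir / "inkscape.bat").write_text("@echo planted wrapper\n")
    (trusted_dir / "inkscape").write_text("#!/bin/sh\necho stand-in inkscape\n")
    os.chmod(trusted_dir / "inkscape", 0o755)
    return notebook_dir, trusted_dir
```

Calling `find_wrapper_hijacks(notebook_dir, ["inkscape"])` before the export flags the planted `inkscape.bat`, while `resolve_converter("inkscape", [trusted_dir])` returns the pinned binary and raises rather than falling back to the notebook directory.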
Risk Scores
EPSS 0.01% · 2.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | nbconvert | 0 |
| jupyter | nbconvert | < 7.17.0, 0 |
Timeline
- Jun 24, 2025 CVE ID Reserved
- Dec 17, 2025 CVE Published
- Dec 17, 2025 PoC Published
- Dec 18, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 2, 2026 EPSS Score
- Jan 6, 2026 EPSS Score
- Jan 10, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
References
- https://github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvf (url)
- https://github.com/jupyter/nbconvert/issues/2258 (url)
- https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71 (url)
- https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104 (url)
- https://github.com/jupyter/nbconvert/releases/tag/v7.17.0 (url)
- https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports (url)
- https://nvd.nist.gov/vuln/detail/CVE-2025-53000 (advisory)
- https://github.com/jupyter/nbconvert (package)