ghsa-xm59-rqc7-hhvf
Vulnerability from github
Summary
On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution.
When a user runs jupyter nbconvert --to pdf on a notebook containing SVG output to a PDF on a Windows platform from this directory, the inkscape.bat file is run unexpectedly.
Details
Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.
nbconvert searches for an inkscape executable when converting notebooks to PDFs here: https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104
The MITRE page on CWE-427 (Uncontrolled Search Path Element) summarizes the root cause succinctly:
In Windows-based systems, when the
LoadLibraryorLoadLibraryExfunction is called with a DLL name that does not contain a fully qualified path, the function follows a search order that includes two path elements that might be uncontrolled: - the directory from which the program has been loaded - the current working directory
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
-
Create a directory containing:
-
A hidden bat file called
inkscape.batcontainingmsg * "You've been hacked!" -
A dummy ipynb file called
Machine_Learning.ipynb
-
-
Run the command
jupyter nbconvert --to pdf Machine_Learning.ipynb. -
Wait a few seconds, and you should see a popup showing the message "You've been hacked!"
Impact
All Windows users.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nbconvert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.16.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53000"
],
"database_specific": {
"cwe_ids": [
"CWE-427"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-18T22:03:08Z",
"nvd_published_at": "2025-12-17T21:16:14Z",
"severity": "HIGH"
},
"details": "### Summary\n\nOn Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a [Windows batch script](https://en.wikipedia.org/wiki/Batch_file), capable of arbitrary code execution.\n\nWhen a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly.\n\n### Details\n_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._\n\n`nbconvert` searches for an `inkscape` executable when converting notebooks to PDFs here: https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104\n\nThe MITRE page on [CWE-427 (Uncontrolled Search Path Element)](https://cwe.mitre.org/data/definitions/427.html) summarizes the root cause succinctly:\n\n\u003e In Windows-based systems, when the `LoadLibrary` or `LoadLibraryEx` function is called with a DLL name that does not contain a fully qualified path, the function follows a search order that includes two path elements that might be uncontrolled:\n\u003e - the directory from which the program has been loaded\n\u003e - the current working directory\n\n### PoC\n\n_Complete instructions, including specific configuration details, to reproduce the vulnerability._\n\n1. Create a directory containing: \n\n - A hidden bat file called `inkscape.bat` containing `msg * \"You\u0027ve been hacked!\"`\n\n - A dummy ipynb file called `Machine_Learning.ipynb`\n\n2. Run the command `jupyter nbconvert --to pdf Machine_Learning.ipynb`.\n\n3. Wait a few seconds, and you should see a popup showing the message \"You\u0027ve been hacked!\" \n\n### Impact\n\nAll Windows users.",
"id": "GHSA-xm59-rqc7-hhvf",
"modified": "2025-12-18T22:03:08Z",
"published": "2025-12-18T22:03:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53000"
},
{
"type": "PACKAGE",
"url": "https://github.com/jupyter/nbconvert"
},
{
"type": "WEB",
"url": "https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104"
},
{
"type": "WEB",
"url": "https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.