CVE-2025-53000

Vulnerability Description

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. As of time of publication, no known patches exist.

Vulnerability Details

Published Date

December 17, 2025

Last Modified

December 18, 2025

Source

MITRE

Vendor

jupyter

Product

nbconvert

External References

https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment