Unauthorized Code Execution in Jupyter nbconvert on Windows
CVE-2025-53000

8.5 HIGH

Key Information:

Vendor: Jupyter
Status: Vendor
CVE Published: 17 December 2025

What is CVE-2025-53000?

nbconvert, the tool used for converting Jupyter notebooks to various formats, is vulnerable when handling SVG output on Windows systems. If a malicious third party creates an inkscape.bat file within a directory containing a notebook, that file is triggered when a user executes the command jupyter nbconvert --to pdf on such a notebook, leading to arbitrary code execution. As of now, no patches have been released to address this vulnerability, which makes it an important security concern for users operating on Windows.
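A pre-flight check for the condition described above, as an added example that is not nbconvert's own code: it lists files in the notebook's folder and in the working directory that Windows could run in place of Inkscape. It goes beyond the page's inkscape.bat case by matching every extension in PATHEXT; the function names and the fallback extension list are assumptions.

```python
import os
import sys
from pathlib import Path

# Assumed fallback when PATHEXT is unset (typical Windows default list).
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"


def find_shadowing_files(directory, tool="inkscape", pathext=None):
    """Return sorted names of files in `directory` that Windows could run
    when a process started there asks for `tool` by its bare name."""
    if pathext is None:
        pathext = os.environ.get("PATHEXT", DEFAULT_PATHEXT)
    exts = {e.strip().lower() for e in pathext.split(";") if e.strip()}
    hits = []
    for entry in os.scandir(directory):
        stem, ext = os.path.splitext(entry.name)
        # Windows file names are case-insensitive: Inkscape.CMD matches too.
        if entry.is_file() and stem.lower() == tool.lower() and ext.lower() in exts:
            hits.append(entry.name)
    return sorted(hits)


def check_before_convert(notebook_path, pathext=None):
    """Check the notebook's folder and the current working directory.
    Returns {directory: [suspicious file names]}; empty means nothing found."""
    dirs = {Path(notebook_path).resolve().parent, Path.cwd().resolve()}
    findings = {}
    for d in sorted(dirs):
        hits = find_shadowing_files(d, pathext=pathext)
        if hits:
            findings[str(d)] = hits
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_nbconvert_dir.py NOTEBOOK.ipynb")
    found = check_before_convert(sys.argv[1])
    for folder, names in found.items():
        print(f"REFUSE: {folder} contains {', '.join(names)}")
    # Non-zero exit lets a wrapper script skip the PDF conversion.
    sys.exit(1 if found else 0)
```

Run it against a notebook received from someone else before converting it to PDF, and treat any hit as a reason to inspect the folder first.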

Affected Version(s)

nbconvert 0 <= 7.16.6

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved