Reverse Tabnabbing Vulnerability in JupyterLab by Project Jupyter
CVE-2025-59842

2.1LOW

Key Information:

Vendor: Jupyterlab
Status: Jupyterlab
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-59842?

Prior to version 4.4.8, JupyterLab did not enforce the noopener attribute on links generated through LaTeX typesetters in Markdown files, potentially exposing users to reverse tabnabbing attacks. This flaw is primarily a concern in instances where third-party LaTeX-rendering extensions generate links with a target='_blank' attribute. While this vulnerability does not affect default installations, users of these extensions should upgrade to version 4.4.8 to ensure protection against potential exploits that could compromise their sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

jupyterlab < 4.4.8

References

https://github.com/jupyterlab/jupyterlab/security/advisor...

x_refsource_CONFIRM

https://github.com/jupyterlab/jupyterlab/commit/88ef37303...

x_refsource_MISC

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 22, 2025

JSON

Jupyterlab