Reverse Tabnabbing Vulnerability in JupyterLab by Project Jupyter
CVE-2025-59842

2.1LOW

Key Information:

Vendor: Jupyterlab
Status: Jupyterlab
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-59842?

Prior to version 4.4.8, JupyterLab did not enforce the noopener attribute on links generated through LaTeX typesetters in Markdown files, potentially exposing users to reverse tabnabbing attacks. This flaw is primarily a concern in instances where third-party LaTeX-rendering extensions generate links with a target='_blank' attribute. While this vulnerability does not affect default installations, users of these extensions should upgrade to version 4.4.8 to ensure protection against potential exploits that could compromise their sessions.

Affected Version(s)

jupyterlab < 4.4.8

References

https://github.com/jupyterlab/jupyterlab/security/advisor...

x_refsource_CONFIRM

https://github.com/jupyterlab/jupyterlab/commit/88ef37303...

x_refsource_MISC

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 22, 2025

CVE-2025-59842 Data

JSON

Jupyterlab

What is CVE-2025-59842?

Affected Version(s)

References

CVSS V4

Timeline