Jupyter nbconvert, Uncontrolled Search Path Element, CVE-2025-53000 (High)


When the `nbconvert` tool converts a notebook containing SVG output to a PDF on Windows, it must locate the Inkscape executable for vector-graphic processing. It does this by calling Python's `shutil.which("inkscape")`. On Windows, the default executable search order, controlled by the `NeedCurrentDirectoryForExePathW` API, includes the current working directory (CWD) unless the `NoDefaultCurrentDirectoryInExePath` environment variable is explicitly set. Furthermore, in Python versions earlier than 3.12, `shutil.which()` ignores this environment variable entirely, so on those versions the unsafe search cannot be disabled through configuration. Since `nbconvert` supports Python versions from 3.9 onward, many installations are vulnerable. An attacker can exploit this by placing a malicious file named `inkscape.bat` in the same directory as a target Jupyter notebook. When a user runs `jupyter nbconvert --to pdf` from that directory, the search finds the malicious batch file in the CWD before the legitimate Inkscape executable on the system PATH. The result is arbitrary execution of the attacker's code with the privileges of the user running `nbconvert`.
Platform: Jupyter nbconvert
Version: Up to 7.16.6
Vulnerability: Uncontrolled Search Path
Severity: High
Date: 2025-12-17

Prediction: Q1 2026

What Undercode Says:

Analytics:

Windows command prompt, run from the directory that holds the notebook:

  echo msg "You've been hacked!" > inkscape.bat
  jupyter nbconvert --to pdf notebook.ipynb

In nbconvert's svg2pdf.py, around line 104:

  inkscape_path = which("inkscape")   # vulnerable call: on Windows the lookup checks the CWD first

How the Exploit Works:

  • Attacker plants malicious inkscape.bat.
  • User converts notebook to PDF.
  • Batch file executes automatically.

Protection from this CVE:

  • Set `NoDefaultCurrentDirectoryInExePath=1` environment variable.
  • Use absolute paths for executables.
  • Upgrade to Python 3.12+.
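The search described above and the protections just listed, as an added example that is not nbconvert's own code: a lookup that never consults the CWD (written by hand, because on Windows `shutil.which()` in Python below 3.12 inserts the CWD even when given an explicit path) and a check that flags files in a notebook folder which would shadow the real tool. `WIN_PATHEXT` is an assumed subset of the default Windows `PATHEXT`; the decoy and "real" files are constructed placeholders in temporary directories.

```python
import os
import stat
import tempfile

# Extensions a bare command name is tried with on Windows (assumed subset of the default PATHEXT).
WIN_PATHEXT = (".COM", ".EXE", ".BAT", ".CMD")

def safe_which(cmd, search_path, pathext=WIN_PATHEXT):
    """Resolve `cmd` from the directories in `search_path` only, never from the CWD.
    Done by hand rather than by wrapping shutil.which(): on Windows, Python < 3.12 puts
    os.curdir at the front of its search list even when an explicit path= is passed."""
    cwd = os.path.realpath(os.getcwd())
    for entry in search_path.split(os.pathsep):
        if entry in ("", os.curdir):
            continue  # an empty or "." entry is the CWD in disguise
        directory = os.path.realpath(entry)
        if directory == cwd:
            continue  # drop the CWD even when it is listed explicitly
        try:
            by_lower = {n.lower(): n for n in os.listdir(directory)}  # Windows matches case-insensitively
        except OSError:
            continue
        for ext in ("",) + tuple(pathext):
            name = by_lower.get((cmd + ext).lower())
            candidate = os.path.join(directory, name) if name else None
            if candidate and os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                return candidate
    return None

def shadowing_files(directory, cmd, pathext=WIN_PATHEXT):
    """Names in `directory` that a CWD-first lookup would run instead of the real `cmd`;
    run it on a notebook's folder before converting from inside that folder."""
    wanted = {(cmd + ext).lower() for ext in pathext}
    return sorted(n for n in os.listdir(directory) if n.lower() in wanted)

def demo():
    """Constructed scenario: a decoy inkscape.bat beside the notebook, the real tool elsewhere."""
    with tempfile.TemporaryDirectory() as notebook_dir, tempfile.TemporaryDirectory() as tool_dir:
        for path in (os.path.join(notebook_dir, "inkscape.bat"), os.path.join(tool_dir, "inkscape.exe")):
            with open(path, "w") as fh:
                fh.write("rem constructed placeholder, never executed here\n")
            os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)
        old_cwd = os.getcwd()
        os.chdir(notebook_dir)  # the advisory's situation: converting from the notebook's own folder
        try:
            found = safe_which("inkscape", os.pathsep.join([notebook_dir, tool_dir]))
            flagged = shadowing_files(notebook_dir, "inkscape")
        finally:
            os.chdir(old_cwd)
        return os.path.basename(found), flagged  # ('inkscape.exe', ['inkscape.bat'])
```

`demo()` resolves the real `inkscape.exe` even though the decoy sits in the CWD and is listed first in the search path, and `shadowing_files()` reports the decoy so the conversion can be refused or the file investigated before running.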

Impact:

  • Arbitrary code execution.
  • Full compromise of user’s data and workflows.
  • Theft of cached cloud credentials.


Sources:

Reported By: github.com
