CVE-2025-53000

NameCVE-2025-53000
DescriptionThe nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. As of time of publication, no known patches exist.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nbconvert (PTS)bullseye5.6.1-3fixed
bullseye (security)5.6.1-3+deb11u1fixed
bookworm6.5.3-3fixed
forky, sid, trixie7.16.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nbconvertsource(unstable)(not affected)

Notes

- nbconvert <not-affected> (Windows-specific)
https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports/
https://github.com/jupyter/nbconvert/issues/2258
Search for package or bug name: Reporting problems