CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-30167

Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.8%

CVSS Severity

CVSS v3 Score 7.3

References

https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq

Products affected by CVE-2025-30167

Jupyter » Jupyter Core » Version: N/A

cpe:2.3:a:jupyter:jupyter_core:-
Jupyter » Jupyter Core » Version: 4.0

cpe:2.3:a:jupyter:jupyter_core:4.0
Jupyter » Jupyter Core » Version: 4.0.1

cpe:2.3:a:jupyter:jupyter_core:4.0.1
Jupyter » Jupyter Core » Version: 4.0.2

cpe:2.3:a:jupyter:jupyter_core:4.0.2
Jupyter » Jupyter Core » Version: 4.0.3

cpe:2.3:a:jupyter:jupyter_core:4.0.3
Jupyter » Jupyter Core » Version: 4.0.4

cpe:2.3:a:jupyter:jupyter_core:4.0.4
Jupyter » Jupyter Core » Version: 4.0.5

cpe:2.3:a:jupyter:jupyter_core:4.0.5
Jupyter » Jupyter Core » Version: 4.0.6

cpe:2.3:a:jupyter:jupyter_core:4.0.6
Jupyter » Jupyter Core » Version: 4.1.0

cpe:2.3:a:jupyter:jupyter_core:4.1.0
Jupyter » Jupyter Core » Version: 4.1.1

cpe:2.3:a:jupyter:jupyter_core:4.1.1
Jupyter » Jupyter Core » Version: 4.10.0

cpe:2.3:a:jupyter:jupyter_core:4.10.0
Jupyter » Jupyter Core » Version: 4.11.0

cpe:2.3:a:jupyter:jupyter_core:4.11.0
Jupyter » Jupyter Core » Version: 4.11.1

cpe:2.3:a:jupyter:jupyter_core:4.11.1
Jupyter » Jupyter Core » Version: 4.11.2

cpe:2.3:a:jupyter:jupyter_core:4.11.2
Jupyter » Jupyter Core » Version: 4.2.0

cpe:2.3:a:jupyter:jupyter_core:4.2.0
Jupyter » Jupyter Core » Version: 4.2.1

cpe:2.3:a:jupyter:jupyter_core:4.2.1
Jupyter » Jupyter Core » Version: 4.3.0

cpe:2.3:a:jupyter:jupyter_core:4.3.0
Jupyter » Jupyter Core » Version: 4.4.0

cpe:2.3:a:jupyter:jupyter_core:4.4.0
Jupyter » Jupyter Core » Version: 4.5.0

cpe:2.3:a:jupyter:jupyter_core:4.5.0
Jupyter » Jupyter Core » Version: 4.6.0

cpe:2.3:a:jupyter:jupyter_core:4.6.0
Jupyter » Jupyter Core » Version: 4.6.1

cpe:2.3:a:jupyter:jupyter_core:4.6.1
Jupyter » Jupyter Core » Version: 4.6.2

cpe:2.3:a:jupyter:jupyter_core:4.6.2
Jupyter » Jupyter Core » Version: 4.6.3

cpe:2.3:a:jupyter:jupyter_core:4.6.3
Jupyter » Jupyter Core » Version: 4.7.0

cpe:2.3:a:jupyter:jupyter_core:4.7.0
Jupyter » Jupyter Core » Version: 4.7.1

cpe:2.3:a:jupyter:jupyter_core:4.7.1
Jupyter » Jupyter Core » Version: 4.8.0

cpe:2.3:a:jupyter:jupyter_core:4.8.0
Jupyter » Jupyter Core » Version: 4.8.2

cpe:2.3:a:jupyter:jupyter_core:4.8.2
Jupyter » Jupyter Core » Version: 4.9.0

cpe:2.3:a:jupyter:jupyter_core:4.9.0
Jupyter » Jupyter Core » Version: 4.9.1

cpe:2.3:a:jupyter:jupyter_core:4.9.1
Jupyter » Jupyter Core » Version: 4.9.2

cpe:2.3:a:jupyter:jupyter_core:4.9.2
Jupyter » Jupyter Core » Version: 5.0.0

cpe:2.3:a:jupyter:jupyter_core:5.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-30167

Products

Pricing

Contact Us