CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. As of time of publication, no known patches exist.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.1%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2025-53000

Jupyter » Nbconvert » Version: 4.0.0

cpe:2.3:a:jupyter:nbconvert:4.0.0
Jupyter » Nbconvert » Version: 4.1.0

cpe:2.3:a:jupyter:nbconvert:4.1.0
Jupyter » Nbconvert » Version: 4.2.0

cpe:2.3:a:jupyter:nbconvert:4.2.0
Jupyter » Nbconvert » Version: 4.3.0

cpe:2.3:a:jupyter:nbconvert:4.3.0
Jupyter » Nbconvert » Version: 5.0.0

cpe:2.3:a:jupyter:nbconvert:5.0.0
Jupyter » Nbconvert » Version: 5.1

cpe:2.3:a:jupyter:nbconvert:5.1
Jupyter » Nbconvert » Version: 5.1.0

cpe:2.3:a:jupyter:nbconvert:5.1.0
Jupyter » Nbconvert » Version: 5.1.1

cpe:2.3:a:jupyter:nbconvert:5.1.1
Jupyter » Nbconvert » Version: 5.2.1

cpe:2.3:a:jupyter:nbconvert:5.2.1
Jupyter » Nbconvert » Version: 5.3.0

cpe:2.3:a:jupyter:nbconvert:5.3.0
Jupyter » Nbconvert » Version: 5.3.1

cpe:2.3:a:jupyter:nbconvert:5.3.1
Jupyter » Nbconvert » Version: 5.4

cpe:2.3:a:jupyter:nbconvert:5.4
Jupyter » Nbconvert » Version: 5.4.1

cpe:2.3:a:jupyter:nbconvert:5.4.1
Jupyter » Nbconvert » Version: 5.5

cpe:2.3:a:jupyter:nbconvert:5.5
Jupyter » Nbconvert » Version: 5.5.0

cpe:2.3:a:jupyter:nbconvert:5.5.0
Jupyter » Nbconvert » Version: 5.6.0

cpe:2.3:a:jupyter:nbconvert:5.6.0
Jupyter » Nbconvert » Version: 5.6.1

cpe:2.3:a:jupyter:nbconvert:5.6.1
Jupyter » Nbconvert » Version: 6.0.0

cpe:2.3:a:jupyter:nbconvert:6.0.0
Jupyter » Nbconvert » Version: 6.0.1

cpe:2.3:a:jupyter:nbconvert:6.0.1
Jupyter » Nbconvert » Version: 6.0.2

cpe:2.3:a:jupyter:nbconvert:6.0.2
Jupyter » Nbconvert » Version: 6.0.3

cpe:2.3:a:jupyter:nbconvert:6.0.3
Jupyter » Nbconvert » Version: 6.0.4

cpe:2.3:a:jupyter:nbconvert:6.0.4
Jupyter » Nbconvert » Version: 6.0.5

cpe:2.3:a:jupyter:nbconvert:6.0.5
Jupyter » Nbconvert » Version: 6.0.6

cpe:2.3:a:jupyter:nbconvert:6.0.6
Jupyter » Nbconvert » Version: 6.0.7

cpe:2.3:a:jupyter:nbconvert:6.0.7
Jupyter » Nbconvert » Version: 6.1.0

cpe:2.3:a:jupyter:nbconvert:6.1.0
Jupyter » Nbconvert » Version: 6.1.1

cpe:2.3:a:jupyter:nbconvert:6.1.1
Jupyter » Nbconvert » Version: 6.2.0

cpe:2.3:a:jupyter:nbconvert:6.2.0
Jupyter » Nbconvert » Version: 6.3.0

cpe:2.3:a:jupyter:nbconvert:6.3.0
Jupyter » Nbconvert » Version: 6.4.0

cpe:2.3:a:jupyter:nbconvert:6.4.0
Jupyter » Nbconvert » Version: 6.4.1

cpe:2.3:a:jupyter:nbconvert:6.4.1
Jupyter » Nbconvert » Version: 6.4.2

cpe:2.3:a:jupyter:nbconvert:6.4.2
Jupyter » Nbconvert » Version: 6.4.3

cpe:2.3:a:jupyter:nbconvert:6.4.3
Jupyter » Nbconvert » Version: 6.4.4

cpe:2.3:a:jupyter:nbconvert:6.4.4
Jupyter » Nbconvert » Version: 6.4.5

cpe:2.3:a:jupyter:nbconvert:6.4.5
Jupyter » Nbconvert » Version: 6.5.0

cpe:2.3:a:jupyter:nbconvert:6.5.0
Jupyter » Nbconvert » Version: 6.5.1

cpe:2.3:a:jupyter:nbconvert:6.5.1
Jupyter » Nbconvert » Version: 6.5.2

cpe:2.3:a:jupyter:nbconvert:6.5.2
Jupyter » Nbconvert » Version: 6.5.3

cpe:2.3:a:jupyter:nbconvert:6.5.3
Jupyter » Nbconvert » Version: 7.0.0

cpe:2.3:a:jupyter:nbconvert:7.0.0
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-53000

Products

Pricing

Contact Us