
CVE-2025-30167: CWE-427: Uncontrolled Search Path Element in jupyter jupyter_core

High
Type: Vulnerability | Tags: cve, cve-2025-30167, cwe-427
Published: Tue Jun 03 2025 (06/03/2025, 16:42:16 UTC)
Source: CVE Database V5
Vendor/Project: jupyter
Product: jupyter_core

Description

Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).

AI-Powered Analysis

Last updated: 07/11/2025, 06:19:32 UTC

Technical Analysis

CVE-2025-30167 is a high-severity vulnerability classified under CWE-427 (Uncontrolled Search Path Element) affecting the jupyter_core package used in Jupyter projects. Specifically, versions of jupyter_core prior to 5.8.0 on Windows platforms are vulnerable. The issue arises because the software searches the shared Windows %PROGRAMDATA% directory for configuration files (SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH) without sufficient restrictions on who can write to this directory. On multi-user Windows systems where %PROGRAMDATA% is writable by non-administrative users, an attacker with limited privileges can place malicious configuration files in this shared directory. These malicious configurations can then influence the behavior of Jupyter Core processes run by other users, potentially leading to privilege escalation or execution of arbitrary code with higher privileges. The vulnerability requires local access with limited privileges and some user interaction, as indicated by the CVSS vector (AV:L/AC:L/PR:L/UI:R). The impact on confidentiality, integrity, and availability is high, as malicious configurations can compromise system security and user data. No known exploits are currently reported in the wild, but the vulnerability is publicly disclosed and patched in jupyter_core version 5.8.0 and later. The root cause is the insecure handling of search paths for configuration files in a shared directory that lacks restrictive permissions, allowing untrusted users to influence system-wide configurations.

Potential Impact

For European organizations, especially those using Jupyter on shared Windows systems (e.g., in academic, research, or enterprise environments with multiple users on the same machine), this vulnerability poses a significant risk. Attackers with limited access could escalate privileges or execute malicious code affecting other users, potentially leading to data breaches, disruption of scientific or analytical workflows, and compromise of sensitive research or business data. The impact is particularly critical in environments where Jupyter is used for data science, machine learning, or other sensitive computations. Organizations relying on shared Windows workstations or servers without strict directory permissions are at increased risk. This vulnerability could also facilitate lateral movement within networks if exploited, increasing the overall threat surface. Given the high confidentiality, integrity, and availability impact, European organizations must prioritize remediation to avoid operational and reputational damage.

Mitigation Recommendations

1. Upgrade jupyter_core to version 5.8.0 or later immediately to apply the official patch addressing this vulnerability.
2. As an administrator, audit and modify permissions on the %PROGRAMDATA% directory to ensure it is not writable by unauthorized users. This includes removing write permissions for standard users and restricting it to administrators only.
3. Create the %PROGRAMDATA%\jupyter directory with restrictive permissions that prevent unauthorized modification.
4. Set the %PROGRAMDATA% environment variable to point to a directory controlled by administrators or the current user with appropriate restrictive permissions, thereby preventing untrusted users from influencing configuration file loading.
5. Implement monitoring and alerting for unexpected changes in %PROGRAMDATA% and related configuration files to detect potential exploitation attempts.
6. Educate users and administrators about the risks of running Jupyter on shared Windows systems without proper permissions and encourage best practices for multi-user environments.
7. Consider isolating Jupyter environments per user or using containerization to reduce shared resource risks.

These mitigations go beyond generic advice by focusing on Windows-specific directory permissions and environment variable controls critical to this vulnerability.
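The permission audit in steps 2 and 3 is easy to get wrong by eye, because the default ACL on the Windows `%PROGRAMDATA%` directory grants ordinary users the right to create files and subfolders even though it does not show a plain "write" entry. The following script is an added example, not part of this advisory and not jupyter_core's own code: it parses the output of `icacls <path>` for `%PROGRAMDATA%` and `%PROGRAMDATA%\jupyter` and reports every allow entry that lets any local user write into the directory, so an administrator can confirm that steps 2 and 3 actually took effect. The embedded `icacls` output is constructed sample text modelled on a stock install (an assumption, not a capture from a real machine); the principal and right names are the standard ones `icacls` prints.

```python
import re
from dataclasses import dataclass

# Principals that every local account is a member of. A write-capable grant to
# one of these lets any user plant a configuration file that other users load.
BROAD_PRINCIPALS = frozenset({
    "Everyone",
    "BUILTIN\\Users",
    "NT AUTHORITY\\Authenticated Users",
    "NT AUTHORITY\\INTERACTIVE",
})

# icacls inheritance/scope flags; every other token in parentheses is a right.
INHERITANCE_FLAGS = frozenset({"OI", "CI", "IO", "NP", "I"})

# Simple rights (F, M, W) and specific rights that create or change directory
# content: WD = create files / write data, AD = create subdirectories /
# append data, WA/WEA = write attributes, DC = delete child.
WRITE_CAPABLE = frozenset({"F", "M", "W", "WD", "AD", "WA", "WEA", "DC"})


@dataclass(frozen=True)
class Ace:
    principal: str
    flags: frozenset   # inheritance flags, plus "DENY" for deny entries
    rights: frozenset

    @property
    def applies_to_self(self) -> bool:
        # Inherit-only entries affect children, not the directory itself.
        return "IO" not in self.flags

    @property
    def is_deny(self) -> bool:
        return "DENY" in self.flags


_GROUPS = re.compile(r"\(([^)]*)\)")


def parse_ace(text: str) -> Ace:
    """Parse one entry such as 'BUILTIN\\Users:(CI)(WD,AD,WEA,WA)'."""
    principal, _, perms = text.partition(":")
    tokens = [t.strip() for group in _GROUPS.findall(perms) for t in group.split(",")]
    flags = {t for t in tokens if t in INHERITANCE_FLAGS or t == "DENY"}
    rights = {t for t in tokens if t not in flags}
    return Ace(principal.strip(), frozenset(flags), frozenset(rights))


def parse_icacls(path: str, output: str) -> list:
    """Parse the ACEs that `icacls <path>` prints for a single path."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("Successfully processed"):
            continue
        # icacls prints the first ACE on the same line as the path and indents
        # the remaining ones underneath it.
        if line.startswith(path):
            line = line[len(path):].strip()
        if ":" in line and "(" in line:
            aces.append(parse_ace(line))
    return aces


def audit(path: str, output: str) -> list:
    """One finding per allow-ACE that lets any local user write into `path`."""
    findings = []
    for ace in parse_icacls(path, output):
        if ace.is_deny or not ace.applies_to_self:
            continue
        granted = ace.rights & WRITE_CAPABLE
        if ace.principal in BROAD_PRINCIPALS and granted:
            findings.append(f"{path}: {ace.principal} may write here via {sorted(granted)}")
    return findings


# Constructed sample modelled on the default ACL of C:\ProgramData. The last
# entry is the one that matters: Users may create files and subfolders.
DEFAULT_PROGRAMDATA = r"""C:\ProgramData NT AUTHORITY\SYSTEM:(OI)(CI)(F)
               BUILTIN\Administrators:(OI)(CI)(F)
               CREATOR OWNER:(OI)(CI)(IO)(F)
               BUILTIN\Users:(OI)(CI)(RX)
               BUILTIN\Users:(CI)(WD,AD,WEA,WA)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample of a %PROGRAMDATA%\jupyter directory created as in step 3:
# administrators and SYSTEM may write, everyone else may only read.
HARDENED_JUPYTER_DIR = r"""C:\ProgramData\jupyter NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                       BUILTIN\Administrators:(OI)(CI)(F)
                       BUILTIN\Users:(OI)(CI)(RX)
"""

if __name__ == "__main__":
    for path, output in ((r"C:\ProgramData", DEFAULT_PROGRAMDATA),
                         (r"C:\ProgramData\jupyter", HARDENED_JUPYTER_DIR)):
        print(path, "->", audit(path, output) or ["no broad write grants"])
```

On a real host, feed the script the output of `icacls %PROGRAMDATA%` and `icacls %PROGRAMDATA%\jupyter`. A finding on `%PROGRAMDATA%` itself that includes `AD` is the condition the advisory describes: any user can create the `jupyter` subdirectory if it does not already exist, which is why step 3 tells administrators to create it first with restrictive permissions. The script treats deny entries and inherit-only entries as non-findings, since neither grants the caller write access to the directory being checked.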


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-03-17T12:41:42.568Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683f29c4182aa0cae2849a90

Added to database: 6/3/2025, 4:58:44 PM

Last enriched: 7/11/2025, 6:19:32 AM

Last updated: 8/14/2025, 1:46:21 AM
