
CVE-2025-30167: CWE-427: Uncontrolled Search Path Element in jupyter jupyter_core

Severity: High
Tags: CVE-2025-30167, CWE-427
Published: Tue Jun 03 2025 (06/03/2025, 16:42:16 UTC)
Source: CVE Database V5
Vendor/Project: jupyter
Product: jupyter_core

Description

Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).

AI-Powered Analysis

Last updated: 01/23/2026, 19:15:09 UTC

Technical Analysis

CVE-2025-30167 is a vulnerability classified under CWE-427 (Uncontrolled Search Path Element) affecting the jupyter_core package on Windows platforms prior to version 5.8.0. Jupyter Core is fundamental to Jupyter projects, providing core functionality including configuration management. On Windows, the software searches the shared %PROGRAMDATA% directory for configuration files (SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH). Because %PROGRAMDATA% is a common directory accessible by multiple users, if its permissions are not properly restricted, a non-privileged user can place or modify configuration files that influence the behavior of Jupyter Core for other users on the same system. This can lead to privilege escalation or execution of malicious code under the context of other users, potentially including administrators. The vulnerability requires local access with at least limited privileges and user interaction to exploit. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, low privileges required, user interaction needed, unchanged scope, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. Mitigations include upgrading to version 5.8.0 or later, restricting write permissions on %PROGRAMDATA% or the %PROGRAMDATA%\jupyter directory, or redirecting the %PROGRAMDATA% environment variable to a secure location controlled by administrators or the user. This vulnerability mainly affects shared Windows systems with multiple users and improperly secured directories, common in enterprise or academic environments where Jupyter is used for data science and research.

Potential Impact

For European organizations, this vulnerability poses a significant risk in environments where Jupyter is deployed on shared Windows systems, such as university labs, research institutions, and enterprise data science teams. Exploitation could allow a malicious insider or compromised user to escalate privileges, execute arbitrary code, or disrupt services by manipulating Jupyter configuration files. This threatens the confidentiality of sensitive research data, the integrity of computational results, and the availability of Jupyter services. Given the widespread use of Jupyter in scientific computing and data analysis across Europe, particularly in countries with strong research sectors, the impact could be substantial. Organizations with lax permissions on shared directories are at higher risk. The vulnerability could also facilitate lateral movement within networks if attackers gain elevated privileges. Although no exploits are known in the wild, the ease of exploitation with local access and user interaction means organizations should act proactively to prevent potential attacks.

Mitigation Recommendations

1. Upgrade all affected systems to jupyter_core version 5.8.0 or later immediately to apply the official patch.
2. As an administrator, audit and harden permissions on the %PROGRAMDATA% directory to ensure it is not writable by unauthorized users.
3. Create the %PROGRAMDATA%\jupyter directory with restrictive permissions, allowing write access only to trusted administrators.
4. Consider setting the %PROGRAMDATA% environment variable to a directory with controlled access, either per-user or managed by administrators, to prevent unauthorized configuration file placement.
5. Implement strict user access controls and monitor file system changes within %PROGRAMDATA% to detect suspicious activity.
6. Educate users about the risks of running untrusted code or scripts in Jupyter environments.
7. Employ endpoint protection solutions capable of detecting unauthorized configuration changes or privilege escalation attempts.
8. Regularly review and update security policies for shared Windows systems hosting Jupyter to minimize attack surface.
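The following script is an added example for recommendations 2 and 3 above; it is not code from the advisory, the CVE record, or the jupyter_core project. It audits the two locations jupyter_core searches under %PROGRAMDATA% for Allow ACEs that grant write or delete rights to broad principals, and with `-Harden` it pre-creates %PROGRAMDATA%\jupyter with inheritance broken so that only SYSTEM and Administrators can write there. The principal list, the `-Harden` switch and the function names are assumptions of this example; it assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session.

```powershell
# Added example, not code from the advisory or the jupyter_core project.
# Audits %PROGRAMDATA% and %PROGRAMDATA%\jupyter for write access granted to
# broad principals and, with -Harden, pre-creates %PROGRAMDATA%\jupyter with a
# restrictive ACL (mitigation 3). Assumes an elevated PowerShell session.
param(
    [switch]$Harden
)

$ProgramData = $env:ProgramData
$JupyterDir  = Join-Path $ProgramData 'jupyter'

# Assumed list of broad, non-administrative principals: a write ACE for any of
# these lets an ordinary user of a shared machine place configuration files
# that other users' Jupyter sessions will load.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow creating or replacing files and directories. Modify and
# FullControl include all of these bits, so those ACEs are flagged as well.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles

function Get-BroadWriteAces {
    param([Parameter(Mandatory)][string]$Path)
    $result = [pscustomobject]@{ Path = $Path; Exists = $false; BroadWriteAces = @() }
    if (-not (Test-Path -LiteralPath $Path)) { return $result }
    $result.Exists = $true
    $aces = New-Object System.Collections.Generic.List[object]
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs only restrict
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$WriteMask) -ne 0) {
            $aces.Add([pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            })
        }
    }
    $result.BroadWriteAces = $aces.ToArray()
    return $result
}

function Protect-JupyterDir {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $acl = Get-Acl -LiteralPath $Path
    # Break inheritance and discard the inherited %PROGRAMDATA% ACEs, then grant
    # an explicit minimal set: SYSTEM and Administrators full control, Users read-only.
    $acl.SetAccessRuleProtection($true, $false)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $grants  = @(
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Administrators', 'FullControl'),
        @('BUILTIN\Users',          'ReadAndExecute')
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g[0], $g[1], $inherit, $prop, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Report on both search locations.
$audit = foreach ($p in @($ProgramData, $JupyterDir)) { Get-BroadWriteAces -Path $p }
foreach ($entry in $audit) {
    if (-not $entry.Exists) {
        Write-Output "$($entry.Path): missing (searched by jupyter_core; pre-create it with -Harden)"
    } elseif ($entry.BroadWriteAces.Count -eq 0) {
        Write-Output "$($entry.Path): no broad write ACEs found"
    } else {
        $entry.BroadWriteAces | Format-Table -AutoSize | Out-String | Write-Output
    }
}

if ($Harden) {
    Protect-JupyterDir -Path $JupyterDir
    # Re-audit to confirm nothing broad survived the ACL rewrite.
    (Get-BroadWriteAces -Path $JupyterDir).BroadWriteAces | Format-Table -AutoSize
}
```

On a default Windows installation the audit of %PROGRAMDATA% itself will typically report BUILTIN\Users, because that directory grants ordinary users the right to create files and folders; that is exactly why the advisory's third mitigation, creating %PROGRAMDATA%\jupyter ahead of time with its own restrictive ACL, closes the gap even where the parent directory's permissions are left alone. Run the script without `-Harden` first to see the current state, then with `-Harden` from an elevated prompt to apply and re-check.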


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-03-17T12:41:42.568Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683f29c4182aa0cae2849a90

Added to database: 6/3/2025, 4:58:44 PM

Last enriched: 1/23/2026, 7:15:09 PM

Last updated: 2/7/2026, 4:09:25 AM
