
CVE-2025-53000: CWE-427: Uncontrolled Search Path Element in jupyter nbconvert

Severity: High
Tags: Vulnerability, CVE-2025-53000, cve, cwe-427
Published: Wed Dec 17 2025 (12/17/2025, 20:27:59 UTC)
Source: CVE Database V5
Vendor/Project: jupyter
Product: nbconvert

Description

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create an `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/19/2026, 12:40:18 UTC

Technical Analysis

The vulnerability CVE-2025-53000 affects the jupyter nbconvert tool, specifically versions up to and including 7.16.6 on Windows platforms. Nbconvert converts Jupyter notebooks into various formats using Jinja templates. When converting notebooks that include SVG output to PDF format, the tool invokes Inkscape to process the SVG content. On Windows, the conversion process searches for the inkscape executable in the current working directory before the directories on the system PATH. An attacker can exploit this by placing a malicious `inkscape.bat` batch script in the directory where the conversion is run. Because Windows resolves a bare command name against the current directory first, nbconvert inadvertently executes this malicious script, leading to arbitrary code execution in the security context of the user running the conversion. This is an example of an uncontrolled search path element vulnerability (CWE-427), where the application trusts whatever executable it finds in the current directory without validating its location. The vulnerability does not require elevated privileges or prior authentication, but it does require the user to run the conversion command on a notebook containing SVG output from a directory the attacker can write to. The issue was patched in nbconvert version 7.17.0 by correcting the search path handling so that untrusted batch files are no longer executed. The CVSS 4.0 base score is 8.5 (high), reflecting the high impact on confidentiality, integrity, and availability, combined with the requirement for user interaction and local access. No known exploits have been reported in the wild as of publication.

Potential Impact

This vulnerability can lead to arbitrary code execution on Windows systems running vulnerable versions of nbconvert, potentially allowing attackers to execute malicious commands with the privileges of the user performing the notebook conversion. This can compromise confidentiality by exposing sensitive data, integrity by modifying files or code, and availability by disrupting workflows or damaging systems. Since Jupyter notebooks are widely used in data science, research, and education, organizations relying on nbconvert for automated or manual notebook conversions are at risk. Attackers could leverage this vulnerability to implant persistent malware, steal intellectual property, or disrupt critical data processing pipelines. The requirement for user interaction and local access limits remote exploitation but does not eliminate risk in multi-user environments or where users may unknowingly run conversions from untrusted directories. The vulnerability is particularly impactful in Windows environments where batch file execution precedence can be abused. The absence of known exploits suggests limited active exploitation but does not reduce the urgency to patch.

Mitigation Recommendations

Organizations should immediately upgrade jupyter nbconvert to version 7.17.0 or later, where the vulnerability is patched. Until upgrading, users should avoid running `jupyter nbconvert --to pdf` on notebooks containing SVG output from directories that are not fully trusted or controlled. Implement strict directory hygiene by ensuring no untrusted batch or executable files exist in working directories used for notebook conversion. Employ endpoint protection solutions that monitor and block suspicious batch file executions, especially in user directories. Educate users about the risks of running conversions from untrusted locations and encourage use of isolated or sandboxed environments for notebook processing. Consider restricting write permissions on directories used for conversions to prevent unauthorized file placement. Regularly audit and monitor systems for unexpected batch files or scripts in user directories. Finally, integrate nbconvert usage into broader application whitelisting and execution control policies to reduce the risk of arbitrary code execution.
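The following is an added example, not nbconvert's own code or its patch: a helper that locates an external converter such as Inkscape only under explicitly trusted, absolute directories (never the working directory, which is the CWE-427 mistake in the analysis above) and a pre-flight audit that flags files in a notebook directory whose name would shadow that tool on Windows, as the mitigation section recommends. The tool names, directory layout and the planted `inkscape.bat` are constructed for the demo.

```python
"""Hardened tool lookup and working-directory audit for CWE-427 (added example)."""
import tempfile
from pathlib import Path

# Extensions Windows will run for a bare command name; hypothetical list for this demo.
WINDOWS_SHADOW_EXTS = (".exe", ".com", ".cmd", ".bat")


def find_trusted_executable(name, trusted_dirs):
    """Return the absolute path of `name` found only under `trusted_dirs`, else None.

    Relative entries (including ".") are refused so the current working
    directory can never enter the search, and PATH is deliberately not consulted.
    """
    for d in trusted_dirs:
        d = Path(d)
        if not d.is_absolute() or not d.is_dir():
            continue  # a relative entry could silently mean "wherever the user cd'd"
        for ext in WINDOWS_SHADOW_EXTS + ("",):
            candidate = d / f"{name}{ext}"
            if candidate.is_file():
                return str(candidate.resolve())
    return None


def audit_workdir(workdir, tool_names):
    """Sorted names of files in `workdir` that would shadow one of `tool_names`."""
    hits = []
    for p in Path(workdir).iterdir():
        if p.is_file() and p.stem.lower() in tool_names and p.suffix.lower() in WINDOWS_SHADOW_EXTS:
            hits.append(p.name)
    return sorted(hits)


def demo():
    """Constructed layout: a planted inkscape.bat beside the notebook, the real tool elsewhere."""
    with tempfile.TemporaryDirectory() as tmp:
        notebooks = Path(tmp) / "notebooks"
        install = Path(tmp) / "Program Files" / "Inkscape"   # constructed install dir
        notebooks.mkdir()
        install.mkdir(parents=True)
        (notebooks / "inkscape.bat").write_text("@echo planted\n")  # constructed, never run
        (install / "inkscape.exe").write_bytes(b"")                 # constructed stand-in
        found = find_trusted_executable("inkscape", [".", notebooks.name, install])
        return {
            "found_in_install_dir": found is not None and found.startswith(str(install.resolve())),
            "audit_hits": audit_workdir(notebooks, {"inkscape"}),
            "relative_entries_ignored": find_trusted_executable("inkscape", ["."]) is None,
        }
```

Run `demo()` to see the planted batch file reported by the audit while the lookup still resolves only the trusted install location.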


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-06-24T03:50:36.795Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 694315f3c9138a40d2f24a5e

Added to database: 12/17/2025, 8:43:31 PM

Last enriched: 2/19/2026, 12:40:18 PM

Last updated: 3/24/2026, 12:49:50 AM
