Summary
On Windows, converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create an inkscape.bat file that defines a Windows batch script capable of arbitrary code execution.
When a user runs jupyter nbconvert --to pdf on a notebook containing SVG output on a Windows platform from that directory, the inkscape.bat file is run unexpectedly.
Details
nbconvert searches for an inkscape executable when converting notebooks to PDFs here: https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104
The MITRE page on CWE-427 (Uncontrolled Search Path Element) summarizes the root cause succinctly:
In Windows-based systems, when the LoadLibrary or LoadLibraryEx function is called with a DLL name that does not contain a fully qualified path, the function follows a search order that includes two path elements that might be uncontrolled:
- the directory from which the program has been loaded
- the current working directory
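The lookup order above can be modelled in a few lines. This is an added example, not nbconvert's code and not its fix: resolve_like_windows reproduces the CWE-427 behaviour (current working directory consulted before PATH, script suffixes accepted), and resolve_hardened shows the checks a defender wants (never consult the CWD, ignore relative PATH entries, accept only a real executable suffix, refuse any hit under the working directory). The directory layout is constructed in a temporary folder, and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

# Suffixes Windows tries for an extension-less command (PATHEXT prefix), lowercased for portability.
PATHEXT = (".com", ".exe", ".bat", ".cmd")


def resolve_like_windows(name, cwd, path_dirs):
    """CWE-427 search order: CWD before PATH, so a planted file wins."""
    for directory in [Path(cwd), *map(Path, path_dirs)]:
        for ext in PATHEXT:
            candidate = directory / (name + ext)
            if candidate.is_file():
                return candidate
    return None


def resolve_hardened(name, cwd, path_dirs, allowed_exts=(".exe",)):
    """Skip the CWD and relative PATH entries, accept only real executable
    suffixes (no .bat/.cmd), and refuse hits under the working directory."""
    cwd = Path(cwd).resolve()
    for directory in map(Path, path_dirs):
        if not directory.is_absolute():
            continue
        for ext in allowed_exts:
            candidate = (directory / (name + ext)).resolve()
            if candidate.is_file() and cwd not in candidate.parents:
                return candidate
    return None


def build_layout():
    """Constructed sample: a notebook directory (the CWD a third party can
    populate) with an empty inkscape.bat, and a trusted install directory with
    a placeholder inkscape.exe. Nothing is executed."""
    root = Path(tempfile.mkdtemp())
    notebook_dir, install_dir = root / "notebooks", root / "Inkscape" / "bin"
    notebook_dir.mkdir()
    install_dir.mkdir(parents=True)
    (notebook_dir / "inkscape.bat").touch()
    (install_dir / "inkscape.exe").touch()
    return notebook_dir, install_dir


def demo():
    """Return (naive pick, hardened pick) for 'inkscape' run from notebook_dir."""
    notebook_dir, install_dir = build_layout()
    path_dirs = [str(install_dir)]
    return (resolve_like_windows("inkscape", notebook_dir, path_dirs),
            resolve_hardened("inkscape", notebook_dir, path_dirs))
```

On a real Windows host the same difference shows up in whatever lookup the tool uses (CreateProcess, shutil.which, or a manual PATH walk); the check that matters is that the chosen path is absolute, outside the notebook directory, and a genuine executable.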
PoC
Create a directory containing:
- A hidden bat file called inkscape.bat containing: msg * "You've been hacked!"
- A dummy ipynb file called Machine_Learning.ipynb
Run the command jupyter nbconvert --to pdf Machine_Learning.ipynb. Wait a few seconds, and you should see a popup showing the message "You've been hacked!"
Impact
All Windows users.
Affected versions
nbconvert (pip) < 7.17.0
Security releases
7.17.0
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2025-53000? CVE-2025-53000 is a high-severity security vulnerability in nbconvert (pip), affecting versions < 7.17.0. It is fixed in 7.17.0.
- Which versions of nbconvert are affected by CVE-2025-53000? nbconvert (pip) versions < 7.17.0 are affected.
- Is there a fix for CVE-2025-53000? Yes. CVE-2025-53000 is fixed in 7.17.0. Upgrade to this version or later.
- Is CVE-2025-53000 exploitable, and should I be worried? Whether CVE-2025-53000 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
- What actually determines whether CVE-2025-53000 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2025-53000? Upgrade nbconvert to 7.17.0 or later.