8.5

CVSS Score

4.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-53000

CVE-2025-53000: nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a inkscape.bat file that defines a Windows batch script, capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a notebook containing SVG output to a PDF on a Windows platform from this directory, the inkscape.bat file is run unexpectedly. As of time of publication, no known patches exist.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-53000

CVE-2025-53000:

8.5

CVSS Score

4.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nbconvert	pip	<= 7.16.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is an uncontrolled search path issue (CWE-427) in the nbconvert library on Windows. The nbconvert.preprocessors.svg2pdf.SVG2PDFPreprocessor._inkscape_default function uses shutil.which("inkscape") to find the inkscape executable. On Windows, this function searches the current working directory first. An attacker can place a malicious script named inkscape.bat in the same directory as a Jupyter notebook. When a user converts this notebook to PDF, nbconvert will execute the malicious script. The execution is triggered by functions that need to run inkscape, such as convert_figure (for the actual conversion) and _inkscape_version_default (to check the version). Both of these functions rely on the path resolved by the vulnerable _inkscape_default function, leading to arbitrary code execution.

Vulnerable functions

SVG2PDFPreprocessor._inkscape_default

nbconvert/preprocessors/svg2pdf.py

This function uses `shutil.which("inkscape")` to locate the Inkscape executable. On Windows, `shutil.which` searches the current working directory by default. This allows an attacker to place a malicious `inkscape.bat` file in the current directory, which will be found and later executed.

SVG2PDFPreprocessor.convert_figure

nbconvert/preprocessors/svg2pdf.py

This function executes the command to convert an SVG figure. The command is constructed using the path to `inkscape` obtained from the vulnerable `_inkscape_default` method. When a malicious `inkscape.bat` is present in the current directory on Windows, this function will execute it, leading to arbitrary code execution.

SVG2PDFPreprocessor._inkscape_version_default

nbconvert/preprocessors/svg2pdf.py

This function is called to determine the version of Inkscape. It executes the `inkscape` command with the `--version` argument. The path to `inkscape` is resolved by the vulnerable `_inkscape_default` function, so this function can also trigger the execution of a malicious `inkscape.bat` file.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-53000: nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

CVE-2025-53000:

8.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

8.5

8.5

CVE-2025-53000: nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI