PT-2025-23640 · Unknown · Jupyter Core
Minrk · Published 2025-02-13 · Updated 2026-01-23 · CVE-2025-30167
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jupyter Core versions prior to 5.8.0
Description
The issue affects Jupyter Core on Windows, where the shared %PROGRAMDATA% directory is searched for configuration files, potentially allowing users to create files that impact other users. This is specifically a concern for shared Windows systems with multiple users and an unprotected %PROGRAMDATA% directory.
Recommendations
For versions prior to 5.8.0, upgrade to Jupyter Core version 5.8.0 or later.
As an administrator, modify the permissions on the %PROGRAMDATA% directory to prevent unauthorized write access.
As an administrator, create the %PROGRAMDATA%\jupyter directory with restrictive permissions.
As a user or administrator, set the %PROGRAMDATA% environment variable to a directory with restrictive permissions, such as one controlled by administrators or the current user.
Exploit
Fix
LPE
Uncontrolled Search Path Element
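One way to carry out the "create the directory with restrictive permissions" recommendation and to check an existing host, written for Windows PowerShell 5 or later. This is an added example, not code from the advisory or from the Jupyter project; the function names are hypothetical, and the policy it applies (Administrators and SYSTEM full control, Users read-only) is an assumed reading of "restrictive".

```powershell
# Added example: audit and lock down the site-wide Jupyter directory.
# Assumption: only Administrators and SYSTEM may write; Users keep read access.
$JupyterDir = Join-Path $env:PROGRAMDATA 'jupyter'

# Well-known SIDs, so the script also works on localized Windows.
$Admins  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
$System  = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'
$Users   = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-545'
$Trusted = $Admins.Value, $System.Value

# Rights that allow creating or replacing files, or rewriting the ACL.
# ACEs expressed only as generic rights (GENERIC_ALL etc.) are not decoded here.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-JupyterDirFinding {          # hypothetical helper name; read-only
    param([string]$Path = $JupyterDir)
    if (-not (Test-Path -LiteralPath $Path)) {
        return "MISSING: $Path does not exist; the advisory recommends creating it with restrictive permissions"
    }
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    if ($acl.GetOwner($sidType).Value -notin $Trusted) {
        "OWNER: $($acl.Owner) owns $Path and can rewrite its ACL"
    }
    # Explicit and inherited ACEs, with principals reported as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            ([int]$ace.FileSystemRights -band $WriteMask) -and
            $ace.IdentityReference.Value -notin $Trusted) {
            "WRITABLE: $($ace.IdentityReference) has $($ace.FileSystemRights)"
        }
    }
}

function Set-JupyterDirLockdown {         # hypothetical helper name; run elevated
    param([string]$Path = $JupyterDir)
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # drop ACEs inherited from %PROGRAMDATA%
    $acl.SetOwner($Admins)
    foreach ($g in @($Admins, 'FullControl'), @($System, 'FullControl'), @($Users, 'ReadAndExecute')) {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
            $g[0], [System.Security.AccessControl.FileSystemRights]$g[1],
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

Get-JupyterDirFinding    # prints nothing when the owner and every write-capable ACE are trusted
```

If the directory already existed before the lockdown, review the files in it as well, since the new ACL does not say who created them.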
Weakness Enumeration
Related Identifiers
Affected Products
Jupyter Core