CVE-2025-53000

Name of the Vulnerable Software and Affected Versions nbconvert versions up to and including 7.16.6

Description The nbconvert tool, used for converting Jupyter notebooks to various formats, has an issue on Windows systems. Converting a notebook with SVG output to PDF can lead to unauthorized code execution. A malicious actor can create an inkscape.bat file containing a Windows batch script capable of arbitrary code execution. When a user runs jupyter nbconvert --to pdf on a notebook containing SVG output on a Windows platform from the directory containing the malicious file, the inkscape.bat file is unexpectedly executed. The issue involves the use of Jinja templates during the conversion process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.