A vulnerability classified as critical was found in Jupyter Core up to 5.7.x on Windows. This vulnerability affects unknown code of the component Environment Variable Handler. The manipulation of the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH leads to uncontrolled search path.

This vulnerability was named CVE-2025-30167. It is possible to launch the attack on the local host. There is no exploit available.

It is recommended to upgrade the affected component.