CVE-2025-30167 | Jupyter Core up to 5.7.x on Windows Environment Variable SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH uncontrolled search path (GHSA-33p9-3p43-82vq)

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability classified as critical was found in Jupyter Core up to 5.7.x on Windows. This vulnerability affects unknown code of the component Environment Variable Handler. The manipulation of the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH leads to uncontrolled search path.

This vulnerability was named CVE-2025-30167. It is possible to launch the attack on the local host. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-30167 | Jupyter Core up to 5.7.x on Windows Environment Variable SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH uncontrolled search path (GHSA-33p9-3p43-82vq)

Post correlati

CVE-2023-40555 | UX-themes Flatsome Theme up to 3.17.5 on WordPress deserialization

CVE-2022-32505 | Nuki Bridge up to 1.x/2.12.3/2.x/3.3.4 BLE Packet denial of service

CVE-2014-125108 | w3c online-spellchecker-py up to 20140130 spellchecker cross site scripting

CVE-2024-2637 | B&R Industrial Automation VC4 Files uncontrolled search path