CVE-2025-30167 Overview
Jupyter Core, a foundational package providing core common functionality for Jupyter projects, contains an Uncontrolled Search Path Element vulnerability (CWE-427) in versions prior to 5.8.0 on Windows systems. The vulnerability stems from the application's use of the shared %PROGRAMDATA% directory for searching configuration files through SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH. This design flaw allows unprivileged users on shared Windows systems to create malicious configuration files that affect other users, potentially leading to code execution or privilege escalation within the Jupyter environment.
Critical Impact
On shared Windows systems with multiple users and unprotected %PROGRAMDATA% directories, attackers with local access can plant malicious configuration files that execute in the context of other users running Jupyter applications.
Affected Products
- Jupyter Core versions prior to 5.8.0
- Windows systems with shared %PROGRAMDATA% directories
- Multi-user Windows environments with default directory permissions
Discovery Timeline
- 2025-06-03 - CVE-2025-30167 published to NVD
- 2025-09-08 - Last updated in NVD database
Technical Details for CVE-2025-30167
Vulnerability Analysis
This vulnerability falls under CWE-427 (Uncontrolled Search Path Element), a class of weaknesses where an application searches for critical resources using an externally-supplied search path that can point to resources outside the intended control sphere.
In the case of Jupyter Core on Windows, the application searches for configuration files in the %PROGRAMDATA% directory, which is a shared system location. By default, this directory may have overly permissive access controls that allow standard users to create files and subdirectories. When Jupyter Core loads configuration files from this location, it trusts the content without adequate verification of the file's origin or integrity.
The attack requires local access to the system and depends on the target environment having multiple users with unprotected %PROGRAMDATA% directory permissions. When these conditions are met, an attacker can create a %PROGRAMDATA%\jupyter directory structure containing malicious configuration files that will be loaded by other users when they run Jupyter applications.
Root Cause
The root cause lies in Jupyter Core's configuration file search path implementation on Windows systems. The application includes %PROGRAMDATA% as part of SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH without adequately verifying the permissions or ownership of the directory. This allows any local user who can write to %PROGRAMDATA% to influence the configuration of Jupyter applications for all users on the system.
The fundamental issue is a failure to apply the principle of least privilege when determining trusted configuration file locations. On multi-user systems, shared directories should either be excluded from the search path or the application should validate that configuration files in these locations are only writable by administrators.
Attack Vector
The attack vector is local, requiring the attacker to have user-level access to a shared Windows system. The attack proceeds as follows:
- The attacker identifies a Windows system with Jupyter Core installed where multiple users share the system
- The attacker checks that %PROGRAMDATA% is writable (default on many Windows configurations)
- The attacker creates the %PROGRAMDATA%\jupyter directory if it doesn't exist
- The attacker places malicious configuration files in this directory
- When another user launches a Jupyter application, the malicious configuration is loaded and executed in their security context
The vulnerability requires user interaction (the victim must launch a Jupyter application) but has the potential for high impact on confidentiality, integrity, and availability of the victim's session and data.
Detection Methods for CVE-2025-30167
Indicators of Compromise
- Unexpected files or directories created under %PROGRAMDATA%\jupyter by non-administrator users
- Configuration files in %PROGRAMDATA%\jupyter with suspicious content or recent modification times
- Unusual process behavior or network connections originating from Jupyter processes
- File system audit logs showing creation of jupyter configuration files by unprivileged accounts
Detection Strategies
- Monitor file system changes to %PROGRAMDATA%\jupyter and alert on creations by non-administrator accounts
- Implement file integrity monitoring for Jupyter configuration directories across all search paths
- Review Jupyter configuration file contents for suspicious entries such as startup scripts or extension configurations
- Use endpoint detection and response (EDR) solutions to monitor process chains originating from Jupyter applications
Monitoring Recommendations
- Enable Windows Security Auditing for Object Access on the %PROGRAMDATA% directory
- Deploy SentinelOne agents to monitor for suspicious file system modifications in shared configuration directories
- Implement application whitelisting to control what executables can be launched by Jupyter processes
- Review user access patterns on shared systems to identify potential exploitation attempts
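The file-system audit check described above, as an added example rather than code from the advisory or from Jupyter Core: it reads Security-log events exported as XML, keeps event 4663 (object access) records whose `AccessMask` carries write bits for paths under `%PROGRAMDATA%\jupyter`, and drops writers whose SID is in an operator-supplied trusted set. The trusted SID set and every sample event are constructed; 4663 records only appear once object-access auditing and a SACL are configured on the directory.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WATCHED = r"c:\programdata\jupyter"
WRITE_MASK = 0x2 | 0x4   # WriteData/AddFile, AppendData/AddSubdirectory
# SIDs allowed to write there (assumption: SYSTEM plus your own admin accounts).
TRUSTED_SIDS = {"S-1-5-18"}


def suspicious_writes(xml_text):
    """Return (user, object, process) for 4663 writes under WATCHED by untrusted SIDs."""
    hits = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if event.findtext("e:System/e:EventID", namespaces=NS) != "4663":
            continue
        data = {d.get("Name"): d.text or ""
                for d in event.iterfind("e:EventData/e:Data", NS)}
        path = data.get("ObjectName", "").lower()
        # Match the directory itself or anything below it, not look-alike siblings.
        in_scope = path == WATCHED or path.startswith(WATCHED + "\\")
        wrote = int(data.get("AccessMask") or "0", 16) & WRITE_MASK
        if in_scope and wrote and data.get("SubjectUserSid") not in TRUSTED_SIDS:
            hits.append((data.get("SubjectUserName"), data["ObjectName"],
                         data.get("ProcessName")))
    return hits


# Constructed sample events (all field values invented for illustration).
EVENT = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
         '<System><EventID>{}</EventID></System><EventData>'
         '<Data Name="SubjectUserSid">{}</Data><Data Name="SubjectUserName">{}</Data>'
         '<Data Name="ObjectName">{}</Data><Data Name="AccessMask">{}</Data>'
         '<Data Name="ProcessName">{}</Data></EventData></Event>')
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
CFG = r"C:\ProgramData\jupyter\jupyter_config.json"
ROWS = [  # (event id, SID, user, object, access mask, process)
    (4663, USER_SID, "student7", CFG, "0x2", r"C:\Windows\System32\cmd.exe"),
    (4663, "S-1-5-18", "SYSTEM", CFG, "0x2", r"C:\Windows\System32\msiexec.exe"),
    (4663, USER_SID, "student7", CFG, "0x1", r"C:\Python312\python.exe"),
    (4663, USER_SID, "student7", r"C:\ProgramData\jupyterlab-notes\a.txt", "0x2",
     r"C:\Windows\explorer.exe"),
]
SAMPLE = "<Events>" + "".join(EVENT.format(*row) for row in ROWS) + "</Events>"

if __name__ == "__main__":
    for user, obj, proc in suspicious_writes(SAMPLE):
        print(f"ALERT: {user} wrote {obj} via {proc}")
```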
How to Mitigate CVE-2025-30167
Immediate Actions Required
- Upgrade Jupyter Core to version 5.8.0 or later immediately on all affected systems
- Audit %PROGRAMDATA%\jupyter directories for any unauthorized configuration files
- Review permissions on %PROGRAMDATA% to ensure only administrators have write access
- Implement monitoring for file system changes in shared configuration directories
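One way to carry out the permission review above, as an added example (not part of the advisory or of Jupyter Core): it parses the text output of `icacls` for `%PROGRAMDATA%\jupyter` and lists entries that grant write-capable rights to principals outside a trusted set. The trusted set, the sample ACL and the account `LAB\student7` are constructed assumptions.

```python
import re

# Principals that may legitimately hold write access (assumption: extend per site).
TRUSTED = {"BUILTIN\\ADMINISTRATORS", "NT AUTHORITY\\SYSTEM", "NT SERVICE\\TRUSTEDINSTALLER"}
# CREATOR OWNER only takes effect for someone who could already create the object.
PLACEHOLDERS = {"CREATOR OWNER"}
FLAGS = {"OI", "CI", "IO", "NP", "I", "DENY"}   # inheritance/deny markers, not rights
# icacls rights that let a principal create, replace or re-permission files.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "WDAC", "WO", "GW", "GA"}
ACE_RE = re.compile(r"^(.+?):((?:\([^)]*\))+)$")


def risky_aces(icacls_output, path):
    """Return (principal, rights) pairs granting write access to untrusted principals."""
    findings = []
    for line in icacls_output.splitlines():
        if line.lower().startswith(path.lower()):
            line = line[len(path):]            # first ACE shares a line with the path
        match = ACE_RE.match(line.strip())
        if not match:
            continue                           # blank line or the icacls summary line
        principal = match.group(1)
        groups = re.findall(r"\(([^)]*)\)", match.group(2))
        if "DENY" in groups or principal.upper() in TRUSTED | PLACEHOLDERS:
            continue
        rights = {r for g in groups if g not in FLAGS for r in g.split(",")}
        granted = sorted(rights & WRITE_RIGHTS)
        if granted:
            findings.append((principal, granted))
    return findings


# Constructed sample: a directory that inherited user-writable permissions.
SAMPLE_PATH = r"C:\ProgramData\jupyter"
SAMPLE = "\n".join([
    r"C:\ProgramData\jupyter NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)",
    r"                       BUILTIN\Administrators:(I)(OI)(CI)(F)",
    r"                       CREATOR OWNER:(I)(OI)(CI)(IO)(F)",
    r"                       BUILTIN\Users:(I)(OI)(CI)(RX)",
    r"                       BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)",
    r"                       LAB\student7:(I)(OI)(CI)(F)",
    "Successfully processed 1 files; Failed processing 0 files",
])

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE, SAMPLE_PATH):
        print(f"{SAMPLE_PATH}: {who} holds {','.join(rights)}")
```

An empty result for the real directory means no untrusted principal holds a write-capable entry there; files already present still need the content review listed above.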
Patch Information
Users should upgrade to Jupyter Core version 5.8.0 or later to receive the security patch. The fix addresses the configuration file search path handling on Windows systems. For detailed information about the vulnerability and patch, refer to the GitHub Security Advisory GHSA-33p9-3p43-82vq.
The patch can be applied by upgrading through pip:
pip install --upgrade "jupyter_core>=5.8.0"
Workarounds
- As administrator, modify permissions on the %PROGRAMDATA% directory to prevent unauthorized users from writing files
- As administrator, proactively create the %PROGRAMDATA%\jupyter directory with restrictive permissions (administrator-only write access)
- As user or administrator, set the %PROGRAMDATA% environment variable to point to a directory with appropriately restrictive permissions controlled by administrators or the current user
- Consider running Jupyter in isolated user environments or containers to limit the impact of configuration hijacking
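REM Example: Restrict permissions on %PROGRAMDATA%\jupyter (run as Administrator in cmd.exe; the directory must already exist)
REM /inheritance:r removes inherited entries only; explicit entries already set on the directory remain and should be reviewed.
icacls "%PROGRAMDATA%\jupyter" /inheritance:r /grant:r "BUILTIN\Administrators:(OI)(CI)F" /grant:r "NT AUTHORITY\SYSTEM:(OI)(CI)F"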