{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30167", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-17T12:41:42.568Z", "datePublished": "2025-06-03T16:42:16.357Z", "dateUpdated": "2026-01-23T16:31:03.690Z"}, "containers": {"cna": {"title": "Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "lang": "en", "description": "CWE-427: Uncontrolled Search Path Element", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq"}, {"name": "https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52", "tags": ["x_refsource_MISC"], "url": "https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52"}], "affected": [{"vendor": "jupyter", "product": "jupyter_core", "versions": [{"version": "< 5.8.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-23T16:31:03.690Z"}, "descriptions": [{"lang": "en", "value": "Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user)."}], "source": {"advisory": "GHSA-33p9-3p43-82vq", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-03T17:34:39.597862Z", "id": "CVE-2025-30167", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T17:34:46.033Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30167", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-03T17:34:39.597862Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T17:34:42.419Z"}}], "cna": {"title": "Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability", "source": {"advisory": "GHSA-33p9-3p43-82vq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jupyter", "product": "jupyter_core", "versions": [{"status": "affected", "version": "< 5.8.0"}]}], "references": [{"url": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq", "name": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52", "name": "https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-23T16:31:03.690Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30167", "state": "PUBLISHED", "dateUpdated": "2026-01-23T16:31:03.690Z", "dateReserved": "2025-03-17T12:41:42.568Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-03T16:42:16.357Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupyter:jupyter_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5D80A0D-E7CC-477C-A9A8-AEEAA86D47E5", "versionEndExcluding": "5.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user)."}, {"lang": "es", "value": "Jupyter Core es un paquete para la funcionalidad principal com\u00fan de los proyectos de Jupyter. Al usar Jupyter Core antes de la versi\u00f3n 5.8.0 en Windows, se buscan archivos de configuraci\u00f3n (`SYSTEM_CONFIG_PATH` y `SYSTEM_JUPYTER_PATH`) en el directorio compartido `%PROGRAMDATA%`, lo que puede permitir que los usuarios creen archivos de configuraci\u00f3n que afecten a otros usuarios. Solo se ven afectados los sistemas Windows compartidos con varios usuarios y `%PROGRAMDATA%` sin protecci\u00f3n. Los usuarios deben actualizar a Jupyter Core versi\u00f3n 5.8.0 o posterior para recibir un parche. Hay otras mitigaciones disponibles. Como administrador, modifique los permisos del directorio `%PROGRAMDATA%` para que usuarios no autorizados no puedan escribir en \u00e9l; o como administrador, cree el directorio `%PROGRAMDATA%\\jupyter` con los permisos restrictivos adecuados. o como usuario o administrador, configure la variable de entorno `%PROGRAMDATA%` en un directorio con permisos restrictivos apropiados (por ejemplo, controlado por administradores _o_ el usuario actual)."}], "id": "CVE-2025-30167", "lastModified": "2026-01-23T17:16:06.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-06-03T17:15:21.520", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T15:26:06.504966+00:00", "updated": "2025-07-12T15:26:06.505022+00:00", "vendors": ["jupyter", "jupyter$PRODUCT$jupyter_core"]}