{"id":"CVE-2025-30167","summary":"Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability","details":"Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Other mitigations are also available: as an administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as an administrator, create the `%PROGRAMDATA%\\jupyter` directory with appropriately restrictive permissions; or as a user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. 
controlled by administrators _or_ the current user).","aliases":["GHSA-33p9-3p43-82vq"],"modified":"2026-04-10T05:24:41.209225Z","published":"2025-06-03T16:42:16.357Z","related":["CGA-gpmm-j9x7-4829","openSUSE-SU-2025:15272-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-427"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30167.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30167.json"},{"type":"ADVISORY","url":"https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30167"},{"type":"FIX","url":"https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jupyter/jupyter_core","events":[{"introduced":"0"},{"fixed":"ff5270b8a688af5494940b12dc347e9d563e8d91"}]}],"versions":["4.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.1.0","4.1.1","4.10.0","4.11.0","4.11.1","4.2.0","4.2.1","4.3.0","4.4.0","4.5.0","4.6.0","4.6.1","4.6.2","4.6.3","4.7.0","4.7.0rc0","4.7.1","4.8.0","4.9.0","4.9.0rc0","4.9.1","4.9.1rc0","4.9.2","5.0.0rc0","5.0.0rc1","5.0.0rc2","v5.0.0","v5.1.0","v5.1.1","v5.1.2","v5.1.3","v5.1.4","v5.1.5","v5.2.0","v5.3.0","v5.3.1","v5.3.2","v5.4.0","v5.5.0","v5.5.1","v5.6.0","v5.6.1","v5.7.0","v5.7.1","v5.7.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30167.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}