Description

Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).

INFO

Published Date :

2025-06-03T16:42:16.357Z

Last Modified :

2026-01-23T16:31:03.690Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30167 vulnerability.

Vendors Products
Jupyter
  • Jupyter Core
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30167.

URL Resource
https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52 cve-icon cve-icon
https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact