CVE-2025-59842

4.3 MEDIUM

📋 TL;DR

This vulnerability in JupyterLab and Jupyter Notebook allows reverse tabnabbing attacks when users click on LaTeX-generated links in Markdown content. Only users of third-party LaTeX-rendering extensions that include target=_blank attributes are potentially affected. Default installations are not vulnerable.

💻 Affected Systems

Products:
  • jupyterlab
  • jupyter-notebook
Versions: All versions prior to 4.4.8
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using third-party LaTeX-rendering extensions that include target=_blank attributes (no such extensions known). Default installations are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker could redirect the original JupyterLab tab to a malicious site, potentially stealing session tokens or credentials if the user remains logged in.
🟠 Likely Case: Minimal impact since no known vulnerable extensions exist and LaTeX links are visually distinct, making user interaction unlikely.
🟢 If Mitigated: No impact with proper patching or when using default configurations without vulnerable third-party extensions.

🌐 Internet-Facing: LOW - Requires specific user interaction with LaTeX links and vulnerable third-party extensions, which are not known to exist.
🏢 Internal Only: LOW - Same constraints apply internally; requires user to click specific LaTeX links with vulnerable extensions installed.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires: 1) User with vulnerable third-party extension installed, 2) User clicking on LaTeX-generated link, 3) Attacker-controlled link with malicious JavaScript. No known vulnerable extensions exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.8

Vendor Advisory: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm

Restart Required: No

Instructions:

1. Update JupyterLab: pip install --upgrade jupyterlab==4.4.8
2. Update Jupyter Notebook: pip install --upgrade notebook
3. Restart JupyterLab/Notebook instances.

🔧 Temporary Workarounds

Disable third-party LaTeX extensions (all)

Remove or disable any third-party LaTeX-rendering extensions that might add target=_blank attributes to links.

jupyter labextension list
jupyter labextension uninstall <extension-name>

Browser security settings (all)

Configure browsers to open external links in new windows without access to opener context.
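The condition both workarounds target is an anchor rendered with target=_blank and no rel="noopener", which hands the opened page a window.opener it can use to navigate the original JupyterLab tab. The following is an added example, not code from JupyterLab or from any extension: it scans a rendered HTML fragment for such anchors and rewrites them with rel="noopener noreferrer". The attribute parsing is regex-based and assumes plain, well-formed <a> tags; the sample markup is constructed.

```javascript
// Matches each opening <a ...> tag and the raw attribute text inside it.
const ANCHOR_RE = /<a\b([^>]*)>/gi;
// Matches name="value", name='value' or name=value pairs inside a tag.
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

function hasNoopener(rel) {
  return (rel || '').toLowerCase().split(/\s+/).includes('noopener');
}

// Returns the href of every anchor that opens a new tab while leaving
// window.opener available to the opened page (the reverse-tabnabbing precondition).
function findTabnabbingLinks(html) {
  const hits = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const a = parseAttrs(m[1]);
    if ((a.target || '').toLowerCase() === '_blank' && !hasNoopener(a.rel)) {
      hits.push(a.href || '');
    }
  }
  return hits;
}

// Mitigation: rewrite each such anchor so its rel includes "noopener noreferrer",
// keeping any rel tokens that were already present.
function hardenLinks(html) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    const a = parseAttrs(attrText);
    if ((a.target || '').toLowerCase() !== '_blank' || hasNoopener(a.rel)) return tag;
    const rel = ['noopener', 'noreferrer', ...(a.rel || '').split(/\s+/).filter(Boolean)];
    const stripped = attrText.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i, '');
    return `<a${stripped} rel="${[...new Set(rel)].join(' ')}">`;
  });
}

// Constructed sample: what a hypothetical LaTeX-rendering extension might emit.
const SAMPLE = '<p>See <a href="https://example.org/paper" target="_blank">[1]</a> and '
  + '<a href="https://example.org/safe" target="_blank" rel="noopener">[2]</a>.</p>';

console.log(findTabnabbingLinks(SAMPLE)); // [ 'https://example.org/paper' ]
console.log(hardenLinks(SAMPLE));
```

Current browsers already treat target=_blank as implying noopener, so exploitation additionally depends on an older browser; the check still flags the markup that would be exploitable there.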

🧯 If You Can't Patch

  • Avoid clicking on LaTeX-generated links in Markdown content
  • Use browser extensions that enforce noopener on all external links

🔍 How to Verify

Check if Vulnerable:

Check the JupyterLab version: jupyter lab --version. If the version is less than 4.4.8, the system is potentially vulnerable (though exploitation still requires a vulnerable third-party extension).

Check Version:

jupyter lab --version

Verify Fix Applied:

Confirm version is 4.4.8 or higher: jupyter lab --version

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in browser console logs
  • Unexpected tab/window openings from JupyterLab instances

Network Indicators:

  • External connections to unexpected domains following JupyterLab link clicks

SIEM Query:

Not applicable - client-side attack with minimal server-side indicators.
