CVE Tools
Sign in

CVE-2025-59842

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Published: Sep 26, 2025Updated: Oct 22, 2025 Sources: CVE List NVD GHSACWE-1022
NVD MITRE
4.3CVSSMEDIUM
EPSS Score
0.2%
Top 88.9%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if links generated by those extensions included target=_blank (no such extensions are known at time of writing) and they were to click on a link generated in LaTeX (typically visibly different from other links). This issue has been patched in version 4.4.8.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:RS:UC:LI:NA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:RUser Interaction
Required
Scope
S:UScope
Unchanged
Impact
C:LConfidentiality
Low
I:NIntegrity
None
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-1022

Affected Products

jupyterlabjupyter
Mixed
AI / ML / notebook-mlops
jupyterlabPyPIOSS Libraries
jupyterlabjupyterlab
On-prem
DevTools & CI / ide-editor
jupyteross-projectAI / MLaka notebook, jupyter server, jupyterlab
pypipackage-ecosystemOSS Libraries
jupyterlaboss-projectDevTools & CIaka jupyter lab

Exploitability

Official Patch Available

References

https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c
github.com
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm
github.com
https://nvd.nist.gov/vuln/detail/CVE-2025-59842
nvd.nist.gov
and 1 more references View all →

Timeline

Published
Sep 26, 2025
Last Updated
Oct 22, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-59842 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows