BIT-jupyterlab-2025-59842
Reverse Tabnabbing vulnerability in jupyterlab (PyPI)

Reverse Tabnabbing No known exploit

What is BIT-jupyterlab-2025-59842 About?

This is a Reverse Tabnabbing vulnerability in JupyterLab and Jupyter Notebook: the LaTeX typesetters used for Markdown files and cells emitted links without `rel="noopener"`. No impact is observed in a default installation, because the bundled typesetters do not open links with `target="_blank"`; the issue only becomes reachable if a third-party LaTeX-rendering extension adds `target="_blank"` to those links. Exploitation is therefore unlikely under normal circumstances but theoretically possible with specific third-party extensions.

Affected Software

jupyterlab <4.4.8

Technical Details

The vulnerability arises because the LaTeX typesetters used for Markdown files and cells in JupyterLab and Jupyter Notebook did not set `rel="noopener"` on the links they generate. When a page opens a link with `target="_blank"`, the new tab receives a `window.opener` reference to the tab that opened it; `rel="noopener"` (or `rel="noreferrer"`, which implies it) sets that reference to `null`. Without it, a cross-origin page in the new tab cannot read the opener's content, but it can still assign `window.opener.location` and navigate the original tab elsewhere. The default typesetters (jupyterlab-mathjax, jupyterlab-mathjax2, jupyterlab-katex) do not use `target="_blank"`, so the bundled configuration is not affected; the risk exists only if a third-party LaTeX-rendering extension adds `target="_blank"` to these links. In that scenario, clicking a crafted link in a notebook would let the newly opened page redirect the original Jupyter tab to an attacker-controlled site, for example a lookalike login page, which is the phishing risk known as Reverse Tabnabbing.
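The following is an added example, not code from JupyterLab or from any typesetter extension. It shows the check an extension author would want before inserting rendered LaTeX output into the page: scan the HTML fragment for anchors that open a new tab without severing `window.opener`, and rewrite them with `rel="noopener noreferrer"`. The sample fragment is constructed here to stand in for what a hypothetical third-party typesetter that adds `target="_blank"` to `\href` links might emit; the function names are this example's own.

```javascript
// Added example (not JupyterLab code): detect and fix the reverse-tabnabbing
// pattern from the advisory, an <a target="_blank"> without rel="noopener".

const ANCHOR_RE = /<a\b([^>]*)>/gi;
const ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse one tag's attribute text into a lower-cased name -> value map.
function parseAttrs(attrText) {
  const attrs = new Map();
  for (const m of attrText.matchAll(ATTR_RE)) {
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    attrs.set(m[1].toLowerCase(), value);
  }
  return attrs;
}

// Unsafe: opens a new browsing context but leaves window.opener intact.
// rel=noreferrer implies noopener, so either token makes the link safe.
function isUnsafeAnchor(attrs) {
  if ((attrs.get("target") || "").toLowerCase() !== "_blank") return false;
  const rel = (attrs.get("rel") || "").toLowerCase().split(/\s+/);
  return !(rel.includes("noopener") || rel.includes("noreferrer"));
}

// Return the href of every unsafe anchor in an HTML fragment.
function findUnsafeAnchors(html) {
  const hits = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1]);
    if (isUnsafeAnchor(attrs)) hits.push(attrs.get("href") || "");
  }
  return hits;
}

// Rewrite unsafe anchors to carry rel="noopener noreferrer", merging with
// any existing rel tokens (e.g. nofollow) rather than replacing them.
function hardenAnchors(html) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    if (!isUnsafeAnchor(attrs)) return tag;
    const relMatch = /\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i.exec(attrText);
    if (relMatch) {
      const existing = attrs.get("rel").trim();
      const merged = existing ? `${existing} noopener noreferrer` : "noopener noreferrer";
      return `<a${attrText.replace(relMatch[0], ` rel="${merged}"`)}>`;
    }
    return `<a${attrText} rel="noopener noreferrer">`;
  });
}

// Constructed sample: output a hypothetical typesetter extension might emit
// for a Markdown cell containing \href links. Only the first anchor is unsafe.
const SAMPLE_HTML = [
  '<p>See <a href="https://example.invalid/paper" target="_blank">the paper</a>,</p>',
  '<p><a href="https://example.invalid/safe" target="_blank" rel="noopener">safe</a> and</p>',
  '<p><a href="https://example.invalid/same-tab">same-tab link</a>.</p>',
].join("\n");

console.log("unsafe before:", findUnsafeAnchors(SAMPLE_HTML));
console.log("unsafe after: ", findUnsafeAnchors(hardenAnchors(SAMPLE_HTML)));
```

The regex-based scan is deliberate: in a browser the same check is one `document.querySelectorAll('a[target="_blank"]:not([rel~="noopener"]):not([rel~="noreferrer"])')`, but a typesetter typically holds the rendered output as a string before it reaches the DOM, and that is the point at which the attribute should be added.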

What is the Impact of BIT-jupyterlab-2025-59842?

Successful exploitation lets an attacker redirect the user's original Jupyter tab to a malicious website once the user clicks the link. Because the attacker gains navigation rather than read access to the original tab, the realistic outcome is phishing: a lookalike Jupyter or login page that harvests credentials or tokens from a user who believes they are still in their session.

What is the Exploitability of BIT-jupyterlab-2025-59842?

Exploitation is of high complexity and highly conditional. It requires a third-party LaTeX-rendering extension that adds `target="_blank"` to generated links, and user interaction (clicking the malicious link). No authentication is required for the redirect itself, but the attacker needs a way to place the crafted LaTeX link into a notebook or Markdown file that the victim will open. This is a client-side vulnerability that is triggered remotely through the victim's browser. A further mitigating factor: current versions of Chrome, Firefox and Safari treat `target="_blank"` links as if `rel="noopener"` were present unless `rel="opener"` is set explicitly, so even with a vulnerable extension installed, an older browser or an extension that opts back into `opener` would be needed. The primary risk factors are therefore the installation of such third-party extensions and users clicking LaTeX-generated links inside Jupyter environments.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for BIT-jupyterlab-2025-59842?

Available Upgrade Options

  • jupyterlab
    • <4.4.8 → Upgrade to 4.4.8

Additional Resources

What are Similar Vulnerabilities to BIT-jupyterlab-2025-59842?

Similar Vulnerabilities: CVE-2023-32001, CVE-2023-25164, CVE-2022-29007, CVE-2022-24754, CVE-2021-39226