CVE-2026-25592
📋 TL;DR
CVE-2026-25592 is an arbitrary file write vulnerability in Microsoft's Semantic Kernel .NET SDK that allows attackers to write files to arbitrary locations on the filesystem. This affects applications using the SessionsPythonPlugin before version 1.70.0. The vulnerability can lead to remote code execution or system compromise.
💻 Affected Systems
- Microsoft Semantic Kernel .NET SDK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution, data destruction, or ransomware deployment by writing malicious files to critical system locations.
Likely Case
Unauthorized file writes leading to data exfiltration, privilege escalation, or persistence mechanisms being established.
If Mitigated
Limited impact with proper input validation and file path restrictions in place.
🎯 Exploit Status
Exploitation requires access to call vulnerable functions with controlled parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.70.0
Vendor Advisory: https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4
Restart Required: No
Instructions:
1. Update the Microsoft.SemanticKernel.Core package to version 1.70.0 or later.
2. Run 'dotnet restore' to fetch the updated packages.
3. Rebuild and redeploy your application.
🔧 Temporary Workarounds
Function Invocation Filter
Implement a custom IFunctionInvocationFilter that validates file path arguments before DownloadFileAsync or UploadFileAsync operations are allowed to run, rejecting any path that resolves outside the directory the application is permitted to use.
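One way to build such a filter, shown here as an added example rather than code from the Semantic Kernel project or this page. It assumes the plugin exposes its file functions under names containing "UploadFile"/"DownloadFile" and passes the local destination in an argument named "localFilePath"; confirm both against the plugin version you run.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.SemanticKernel;

// Added example, not project code. Assumed: function names contain "UploadFile"/"DownloadFile"
// and the local path argument is named "localFilePath" (check your SessionsPythonPlugin version).
public sealed class LocalPathGuardFilter : IFunctionInvocationFilter
{
    private readonly string _allowedRoot;

    public LocalPathGuardFilter(string allowedRoot)
    {
        // Canonicalise once and keep a trailing separator so "/data" does not match "/data-other".
        _allowedRoot = Path.GetFullPath(allowedRoot).TrimEnd(Path.DirectorySeparatorChar)
                       + Path.DirectorySeparatorChar;
    }

    public async Task OnFunctionInvocationAsync(FunctionInvocationContext context,
                                                Func<FunctionInvocationContext, Task> next)
    {
        string name = context.Function.Name;
        bool isFileOp = name.Contains("UploadFile", StringComparison.OrdinalIgnoreCase)
                     || name.Contains("DownloadFile", StringComparison.OrdinalIgnoreCase);

        if (isFileOp
            && context.Arguments.TryGetValue("localFilePath", out object? value)
            && value is string localPath
            && !IsInsideAllowedRoot(localPath))
        {
            // Refuse the invocation before the plugin touches the filesystem.
            throw new KernelException($"Rejected local path outside allowed root: {localPath}");
        }

        await next(context);
    }

    // Resolve "../" segments and absolute paths, then require the result to sit under the root.
    // Note: GetFullPath does not follow symlinks; resolve them separately if your root may contain any.
    public bool IsInsideAllowedRoot(string candidate)
    {
        string combined = Path.IsPathRooted(candidate) ? candidate : Path.Combine(_allowedRoot, candidate);
        string full = Path.GetFullPath(combined);
        return full.StartsWith(_allowedRoot, StringComparison.Ordinal);
    }
}

// Registration on a built kernel (assumed sandbox directory):
// kernel.FunctionInvocationFilters.Add(new LocalPathGuardFilter("/var/app/sandbox"));
```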
🧯 If You Can't Patch
- Implement strict input validation for all file path parameters
- Restrict application permissions to minimal required directories
🔍 How to Verify
Check if Vulnerable:
Check if Microsoft.SemanticKernel.Core package version is below 1.70.0 in your project file or package references
Check Version:
dotnet list package
(The command lists every package referenced by the project; look for the Microsoft.SemanticKernel.Core entry and its resolved version in the output.)
Verify Fix Applied:
Confirm Microsoft.SemanticKernel.Core package version is 1.70.0 or higher
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations to system directories
- Multiple failed path validation attempts
Network Indicators:
- Unexpected outbound file transfers from application server
SIEM Query:
source="application_logs" AND ("DownloadFileAsync" OR "UploadFileAsync") AND path="*system*"
🔗 References
- https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64
- https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d
- https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4