CVE-2026-25592

Microsoft · Semantic Kernel .NET SDK

Microsoft Semantic Kernel .NET SDK contains an arbitrary file write flaw in the SessionsPythonPlugin. Attackers can exploit DownloadFileAsync or UploadFileAsync to write files to restricted paths.

Executive summary

A critical arbitrary file write vulnerability in Microsoft Semantic Kernel .NET SDK could allow attackers to overwrite sensitive system files or achieve remote code execution.

Vulnerability

This vulnerability exists within the SessionsPythonPlugin component of the SDK. An attacker can manipulate the localFilePath argument of the DownloadFileAsync or UploadFileAsync functions to perform arbitrary file writes and, depending on how the application exposes the plugin, likely without requiring high-level authentication.

Business impact

A successful exploit allows an attacker to overwrite critical application files or configuration data, leading to a complete compromise of the host system. Given the CVSS score of 9.9, this represents a near-maximum risk to data integrity and system availability, potentially facilitating persistent access within AI-orchestrated environments.

Remediation

Immediate Action: Administrators must update Microsoft.SemanticKernel.Core to version 1.70.0 or later to patch the vulnerable plugin logic.

Proactive Monitoring: Implement logging for all file system interactions initiated by the Semantic Kernel and review arguments passed to the SessionsPythonPlugin for suspicious path traversal patterns.

Compensating Controls: As a temporary measure, developers can implement a Function Invocation Filter to validate and allow-list localFilePath arguments before they reach the vulnerable functions.
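The following is an added illustration of the two controls above (audit logging of file-path arguments and an allow-list Function Invocation Filter); it is example code written for this advisory, not code from Microsoft or the Semantic Kernel project. It assumes the IFunctionInvocationFilter / FunctionInvocationContext API of recent Semantic Kernel .NET releases, that the plugin's functions are registered under the names "DownloadFile" / "UploadFile" (the SDK normally strips an "Async" suffix; both spellings are matched to be safe), that the parameter is named localFilePath as stated in this advisory, and a hypothetical allowed directory of /var/app/sandbox-files.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Microsoft.SemanticKernel;

// Compensating control (added example, not Semantic Kernel code): reject any
// localFilePath that resolves outside a single allowed directory, and log every
// file-path argument handed to the SessionsPythonPlugin so traversal attempts
// are visible in the audit trail.
public sealed class LocalFilePathAllowListFilter : IFunctionInvocationFilter
{
    // Assumed kernel-registered names of the vulnerable functions.
    private static readonly HashSet<string> GuardedFunctions =
        new(StringComparer.OrdinalIgnoreCase)
        { "DownloadFile", "DownloadFileAsync", "UploadFile", "UploadFileAsync" };

    private readonly string _allowedRoot;

    public LocalFilePathAllowListFilter(string allowedRoot)
    {
        // Canonicalise once; a trailing separator prevents "/var/app/sandbox-files2"
        // from passing a prefix check against "/var/app/sandbox-files".
        _allowedRoot = Path.GetFullPath(allowedRoot)
            .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
    }

    public async Task OnFunctionInvocationAsync(
        FunctionInvocationContext context,
        Func<FunctionInvocationContext, Task> next)
    {
        if (GuardedFunctions.Contains(context.Function.Name)
            && context.Arguments.TryGetValue("localFilePath", out object? raw))
        {
            string requested = raw?.ToString() ?? string.Empty;

            // Resolve relative segments ("..", ".") against the allowed root so the
            // comparison is made on the path the file system would actually use.
            string resolved = Path.GetFullPath(requested, _allowedRoot);

            // Case-insensitive on Windows only; Linux/macOS paths are case-sensitive.
            StringComparison cmp = OperatingSystem.IsWindows()
                ? StringComparison.OrdinalIgnoreCase
                : StringComparison.Ordinal;
            bool allowed = resolved.StartsWith(_allowedRoot, cmp);

            // Audit line for every file-path argument, whether it is accepted or not.
            Console.WriteLine(
                $"[audit] {context.Function.PluginName}.{context.Function.Name} " +
                $"localFilePath=\"{requested}\" resolved=\"{resolved}\" allowed={allowed}");

            if (!allowed)
            {
                throw new KernelException(
                    $"localFilePath '{requested}' resolves outside the allowed directory.");
            }

            // Pass the canonical absolute path on, so the plugin never sees "..".
            context.Arguments["localFilePath"] = resolved;
        }

        await next(context);
    }
}

public static class FilterRegistration
{
    // Hypothetical wiring: add the filter to a kernel before any plugin is invoked.
    public static Kernel BuildGuardedKernel()
    {
        Kernel kernel = Kernel.CreateBuilder().Build();
        kernel.FunctionInvocationFilters.Add(
            new LocalFilePathAllowListFilter("/var/app/sandbox-files"));
        return kernel;
    }
}
```

Two caveats for anyone deploying this as a stopgap: Path.GetFullPath is a lexical normalisation and does not follow symbolic links, so the allowed directory must not contain links pointing elsewhere; and the filter only covers invocations that go through the kernel's function pipeline, so it does not replace upgrading to version 1.70.0 or later.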

Exploitation status

Public Exploit Available: No

Analyst recommendation

The severity of this arbitrary file write flaw necessitates immediate remediation. Organizations utilizing the Semantic Kernel .NET SDK for AI agent orchestration should prioritize the update to version 1.70.0 to prevent total system compromise.