.NET Elevation of Privilege Vulnerability
Description
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local privilege escalation vulnerability in .NET MSBuild on Linux allows an authorized attacker to cause a denial of service by exploiting predictable temporary directory paths.
Vulnerability
Overview
CVE-2025-55247 is an improper link resolution before file access ('link following') vulnerability in .NET's MSBuild component, affecting versions 8.0, 9.0, and 10.0 on Linux operating systems [1]. The root cause lies in MSBuild's use of predictable paths for temporary directories during build operations, which allows a local attacker to create those directories ahead of MSBuild, leading to a denial of service (DoS) condition [1].
Exploitation
An authorized attacker with local access to a Linux system can exploit this vulnerability by pre-creating the predictable temporary directories that MSBuild expects to use. This attack requires no special privileges beyond local user access and is specific to builds that utilize the DownloadFile build task [1]. The vulnerability does not affect Windows systems and is limited to .NET SDK installations on Linux [1].
Impact
Successful exploitation results in a denial of service against .NET builds, preventing legitimate build operations from completing. The attacker can disrupt development workflows and CI/CD pipelines that rely on MSBuild, potentially causing significant operational delays [1]. The vulnerability is classified as a local privilege escalation issue, though the primary impact is availability rather than data confidentiality or integrity [1].
Mitigation
Microsoft has released patches for all affected .NET SDK versions, including .NET 10.0.100-rc.1.25451.107, .NET 9.0.110/9.0.305, and .NET 8.0.120/8.0.317/8.0.414 [1]. Developers should update to the latest patched versions of the affected packages: Microsoft.Build.Tasks.Core, Microsoft.Build, and Microsoft.Build.Utilities.Core [1]. Projects that do not use the DownloadFile build task are not susceptible to this vulnerability [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Microsoft.Build.Tasks.Core (NuGet) | >= 17.15.0-preview-25277-114, < 18.0.0-preview-25476-107 | 18.0.0-preview-25476-107 |
| Microsoft.Build.Tasks.Core (NuGet) | >= 17.14.0, < 17.14.28 | 17.14.28 |
| Microsoft.Build.Tasks.Core (NuGet) | >= 17.12.0, < 17.12.50 | 17.12.50 |
| Microsoft.Build.Tasks.Core (NuGet) | >= 17.11.0, < 17.11.48 | 17.11.48 |
| Microsoft.Build.Tasks.Core (NuGet) | >= 17.10.0, < 17.10.46 | 17.10.46 |
| Microsoft.Build.Tasks.Core (NuGet) | >= 17.8.0, < 17.8.43 | 17.8.43 |
| Microsoft.Build (NuGet) | >= 17.15.0-preview-25277-114, < 18.0.0-preview-25476-107 | 18.0.0-preview-25476-107 |
| Microsoft.Build (NuGet) | >= 17.14.0, < 17.14.28 | 17.14.28 |
| Microsoft.Build (NuGet) | >= 17.12.0, < 17.12.50 | 17.12.50 |
| Microsoft.Build (NuGet) | >= 17.11.0, < 17.11.48 | 17.11.48 |
| Microsoft.Build (NuGet) | >= 17.10.0, < 17.10.46 | 17.10.46 |
| Microsoft.Build (NuGet) | >= 17.8.0, < 17.8.43 | 17.8.43 |
| Microsoft.Build.Utilities.Core (NuGet) | >= 17.15.0-preview-25277-114, < 18.0.0-preview-25476-107 | 18.0.0-preview-25476-107 |
| Microsoft.Build.Utilities.Core (NuGet) | >= 17.14.0, < 17.14.28 | 17.14.28 |
| Microsoft.Build.Utilities.Core (NuGet) | >= 17.12.0, < 17.12.50 | 17.12.50 |
| Microsoft.Build.Utilities.Core (NuGet) | >= 17.11.0, < 17.11.48 | 17.11.48 |
| Microsoft.Build.Utilities.Core (NuGet) | >= 17.10.0, < 17.10.46 | 17.10.46 |
| Microsoft.Build.Utilities.Core (NuGet) | >= 17.8.0, < 17.8.43 | 17.8.43 |
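The following triage script is an added example, not code from the advisory or from MSBuild: it flags project files that invoke the DownloadFile task and that pin one of the three packages inside the affected ranges listed above. The function names and the sample project are constructed for illustration, version ordering is a simplified form of NuGet's rules, and only the `Version` attribute on `PackageReference` is inspected.

```python
import xml.etree.ElementTree as ET

# (first affected, first patched) pairs from the "Affected packages" table, same for all three.
AFFECTED_RANGES = [
    ("17.15.0-preview-25277-114", "18.0.0-preview-25476-107"),
    ("17.14.0", "17.14.28"), ("17.12.0", "17.12.50"), ("17.11.0", "17.11.48"),
    ("17.10.0", "17.10.46"), ("17.8.0", "17.8.43"),
]
PACKAGES = {"microsoft.build", "microsoft.build.tasks.core", "microsoft.build.utilities.core"}

def version_key(version):
    """Simplified NuGet ordering: numeric core, then release > prerelease."""
    core, _, pre = version.partition("-")
    return (tuple(int(p) for p in core.split(".")), pre == "", pre)

def is_affected(package, version):
    """True if package/version falls inside one of the listed ranges."""
    if package.lower() not in PACKAGES:
        return False
    try:
        key = version_key(version)
    except ValueError:  # property references, floating or bracketed versions
        return False
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)

def triage(project_xml):
    """Report DownloadFile usage and affected PackageReference pins."""
    root = ET.fromstring(project_xml)
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # drop any XML namespace
    refs = [(el.get("Include", ""), el.get("Version", ""))
            for el in root.iter() if local(el) == "PackageReference"]
    return {
        "uses_download_file": any(local(el) == "DownloadFile" for el in root.iter()),
        "affected_packages": [r for r in refs if is_affected(*r)],
    }

# Constructed sample project, not taken from the advisory.
SAMPLE_PROJECT = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.Build.Tasks.Core" Version="17.11.4" />
    <PackageReference Include="Microsoft.Build" Version="17.14.28" />
  </ItemGroup>
  <Target Name="FetchTool" BeforeTargets="Build">
    <DownloadFile SourceUrl="https://example.invalid/tool.zip" DestinationFolder="$(IntermediateOutputPath)" />
  </Target>
</Project>"""

if __name__ == "__main__":
    print(triage(SAMPLE_PROJECT))
```

A project that reports `uses_download_file` as true on a Linux build host is the case to prioritize for the SDK update, whether or not it also pins one of the packages directly.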
Affected products
- Microsoft/.NET 8.0 (v5), Range: 8.0.0
- Microsoft/.NET 9.0 (v5), Range: 9.0.0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-w3q9-fxm7-j8fq (ghsa, ADVISORY)
- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55247 (ghsa, vendor-advisory, patch, WEB)
- nvd.nist.gov/vuln/detail/CVE-2025-55247 (ghsa, ADVISORY)
- github.com/dotnet/msbuild/security/advisories/GHSA-w3q9-fxm7-j8fq (ghsa, WEB)