Microsoft's Security Update Guide now lists CVE-2026-25645, a medium-severity vulnerability in the ubiquitous Python Requests library. The flaw, present in versions before 2.33.0, stems from the extract_zipped_paths() function and its unsafe handling of temporary files. A local attacker who can predict these file names might hijack file operations, escalate privileges, or corrupt data. While the CVSS score and limited attack vector place it at medium severity, the advisory’s appearance in Microsoft’s official channel underscores how deeply Python is woven into the Windows ecosystem—and how a flaw in a third‑party library can ripple through enterprise environments.

For developers and system administrators, the message is clear: audit your Python stacks immediately and update Requests to 2.33.0 or later. If you manage Windows servers that run custom automation scripts, data pipelines, or even certain Microsoft products that bundle Python, this CVE demands attention before local attack surfaces become exploitable.

Under the hood: why extract_zipped_paths() is dangerous

The extract_zipped_paths() utility was introduced to simplify working with HTTP responses that deliver ZIP‑compressed content. Instead of manually decompressing data, a developer can call the function to automatically unpack files into a temporary directory. The problem, as detailed in CVE‑2026‑25645, is that the directory and file names are generated with insufficient randomness.

Older versions of Requests used a predictable pattern based on the process ID and a monotonic counter. On Windows, process IDs are relatively low‑entropy and can be sniffed by a local user through built‑in tools like Task Manager or PowerShell. An attacker who knows—or can guess—the temporary path can create a symlink or a hardlink before the extract_zipped_paths() call does, redirecting file writes to a sensitive location. For example, a symlink could point to C:\Windows\System32\malicious.dll or to another user’s home directory. When Requests writes the decompressed data, it follows the link and overwrites critical files with attacker‑controlled content.

This class of vulnerability is known as a “time‑of‑check to time‑of‑use” (TOCTOU) race condition. The fix in Requests 2.33.0 switches to tempfile.mkdtemp() with a cryptographically secure random suffix, eliminating name predictability entirely. The patch, though small, highlights how a single line of code can be the difference between a secure application and a local privilege‑escalation vector.

How a local vulnerability becomes a Windows problem

At first glance, CVE‑2026‑25645 looks like a Linux‑centric concern. After all, Python’s tempfile module has long grappled with insecure defaults, and most discussions around TOCTOU attacks focus on Unix symlinks. Windows, however, has supported symlinks since Vista, and the NTFS file system allows both hardlinks and junction points that can be abused in similar ways.

Moreover, Windows has become a first‑class Python development platform thanks to tools like Visual Studio Code, the Windows Subsystem for Linux (WSL), and native Python installers. On a shared Windows Server running IIS, background tasks, or scheduled Python scripts, a low‑privileged user could leverage CVE‑2026‑25645 to escalate to SYSTEM or to interfere with another user’s data. The risk is magnified if the affected Python process runs under a service account with elevated rights—a common scenario in automation and CI/CD pipelines.

Microsoft’s Security Update Guide does not publish a CVE unless it has been internally reviewed and determined to affect a Microsoft product or service. The listing suggests that the company’s security teams have identified at least one in‑house component that bundles a vulnerable version of Python Requests. Possible candidates include Azure Functions (which support Python runtimes), the Python extension for Visual Studio Code, or even hidden dependencies in tools like winget. While Microsoft has not publicly disclosed which product triggered the advisory, the act of publishing forces its own product groups to release patches—and signals to enterprise customers that they should scan their environments.

Attack scenario: a walkthrough

Imagine a Windows 11 workstation shared by multiple developers. Alice runs a Python script that periodically downloads security advisories from a vendor’s API, using Requests with extract_zipped_paths(). Bob, a malicious contractor, cannot read Alice’s script files but can observe the process list and the temporary files that appear in %TEMP%. He notices a directory named tmp01234_ appearing every hour, with a subfolder structure that mirrors the ZIP’s contents.

Bob writes a simple script that continuously monitors %TEMP% and, a split‑second before the expected window, creates a junction from tmp01234_ to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup. When Alice’s script decompresses the ZIP, it unknowingly drops an executable—hidden inside the supposed ZIP—into the common startup folder. The next time Alice logs in, the executable runs with her privileges, allowing Bob to steal credentials or install a backdoor.

This scenario is not far‑fetched. Tools like ProcMon and Sysinternals’ Junction make it easy to map predictable file paths and create junctions. The only requirement is that the attacker already has a foothold on the machine, which the medium severity reflects.

Mitigation and patch deployment

For Python developers, the fix is straightforward: update Requests to version 2.33.0 or later. Use pip install --upgrade requests and verify with pip show requests. If you are locked into an older environment, backporting the extract_zipped_paths() patch manually is possible, but upgrading is the recommended path.

On Windows, the upgrade might involve additional steps. Many enterprise tools bundle their own Python interpreter inside the installation directory. For example, Microsoft Power BI, Azure Data Studio, and even older versions of Microsoft Office have shipped with embedded Python distributions. Administrators must inventory these installations and contact the vendor if a dedicated patch is not yet available.
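Because each embedded interpreter has its own site-packages, pip show in your shell only tells you about one of them. The script below is an added example written for this article (not Requests code and not a Microsoft tool); it runs a small probe inside every interpreter you point it at and classifies the Requests version it finds against 2.33.0. The list of interpreter paths is an assumption you supply from your own inventory, and the probe relies only on the standard library's importlib.metadata.

```python
import re
import subprocess
import sys

# First Requests release the advisory names as fixed. The trailing 1 marks a
# final release; pre-releases (a/b/rc) get 0 so that 2.33.0rc1 sorts below 2.33.0.
FIXED_VERSION = (2, 33, 0, 1)

# Probe executed inside each interpreter: importlib.metadata sees whatever that
# interpreter's own site-packages holds, which is what matters for bundled copies.
PROBE = (
    "import importlib.metadata as m\n"
    "try:\n"
    "    print(m.version('requests'))\n"
    "except m.PackageNotFoundError:\n"
    "    print('NOT_INSTALLED')\n"
)


def parse_version(text: str) -> tuple:
    """Turn '2.32.5', '2.33.0rc1' or '2.31.0.post1' into a comparable tuple."""
    match = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(.*)$", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rest = match.groups()
    prerelease = re.match(r"\.?(a|b|rc)\d*", rest) is not None
    return (int(major), int(minor), int(patch or 0), 0 if prerelease else 1)


def is_fixed(version_text: str) -> bool:
    """True when the installed version is 2.33.0 or later (final releases only)."""
    return parse_version(version_text) >= FIXED_VERSION


def probe_interpreter(python_exe: str) -> str:
    """Return 'fixed', 'vulnerable (<ver>)', 'not installed' or a probe error."""
    completed = subprocess.run(
        [python_exe, "-c", PROBE], capture_output=True, text=True, timeout=60
    )
    output = completed.stdout.strip()
    if completed.returncode != 0 or not output:
        return f"probe failed: {completed.stderr.strip()[:200]}"
    if output == "NOT_INSTALLED":
        return "not installed"
    return "fixed" if is_fixed(output) else f"vulnerable ({output})"


def audit_interpreters(paths) -> dict:
    """Map each interpreter path (hypothetical list from your inventory) to its status."""
    return {path: probe_interpreter(path) for path in paths}


def audit_self() -> str:
    """Convenience: audit the interpreter running this script."""
    return probe_interpreter(sys.executable)


if __name__ == "__main__":
    # Pass the python.exe paths found under each product's installation directory;
    # with no arguments the script audits only the interpreter it runs under.
    for exe, status in audit_interpreters(sys.argv[1:] or [sys.executable]).items():
        print(f"{exe}: {status}")
```

Feed it the python.exe paths you discover under product installation directories; anything reported as "vulnerable" that you cannot upgrade with pip is the list you take to the vendor.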

Microsoft’s advisory will likely trigger a dedicated update through Windows Update or the Microsoft Store for any affected first‑party components. Administrators should monitor the MSRC portal for KB article links. In the meantime, a workaround is to avoid using extract_zipped_paths() entirely and instead manually handle ZIP decompression with tempfile.mkdtemp() and secure cleanup. If the function cannot be avoided, ensuring that the process runs with the lowest possible privileges and in a dedicated, non‑predictable temporary directory reduces exposure.
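The workaround described above, carried through as an added example (written for this article, not code from Requests or from any Microsoft product): the archive is unpacked into a directory that tempfile.mkdtemp() names from the OS random source and creates with owner-only permissions, every member path is checked to stay inside that directory, files are created with exclusive-create mode so an existing link at the destination is refused rather than followed, and the whole tree is removed once the caller is done with it. The sample archives and the handler functions are constructed for the demonstration.

```python
import io
import os
import shutil
import stat
import tempfile
import zipfile
from pathlib import Path

# Constructed sample archives: one benign, one carrying a traversal member.
SAMPLE_OK = {"advisories/2026.txt": "constructed advisory body\n"}
SAMPLE_TRAVERSAL = {"../escape.txt": "must never land outside the temp dir\n"}


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: text} (test fixture only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()


def extract_zip_safely(zip_bytes: bytes, prefix: str = "req-") -> str:
    """Unpack into a fresh, unguessable directory; refuse members that escape it."""
    # mkdtemp() names the directory from the OS CSPRNG and creates it with mode
    # 0700, instead of a fixed, guessable name under %TEMP% that a local user
    # could pre-create or replace with a link.
    target = Path(tempfile.mkdtemp(prefix=prefix)).resolve()
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                dest = (target / info.filename).resolve()
                if dest != target and target not in dest.parents:
                    raise ValueError(f"member escapes temp dir: {info.filename!r}")
                if info.is_dir():
                    dest.mkdir(parents=True, exist_ok=True)
                    continue
                dest.parent.mkdir(parents=True, exist_ok=True)
                # "x" = O_EXCL: fail instead of following anything already at dest.
                with zf.open(info) as src, open(dest, "xb") as dst:
                    shutil.copyfileobj(src, dst)
    except Exception:
        shutil.rmtree(target, ignore_errors=True)  # never leave a half-unpacked tree
        raise
    return str(target)


def process_zip(zip_bytes: bytes, handler):
    """Extract, hand the directory to `handler`, then always remove the tree."""
    extracted = extract_zip_safely(zip_bytes)
    try:
        return handler(extracted)
    finally:
        shutil.rmtree(extracted, ignore_errors=True)


def read_members(extracted_dir: str) -> dict:
    """Demo handler: map relative member paths to their text content."""
    root = Path(extracted_dir)
    return {
        p.relative_to(root).as_posix(): p.read_text()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def dir_is_private(path: str) -> bool:
    """Demo handler: owner-only mode on POSIX; on Windows the user's %TEMP% ACL applies."""
    if os.name != "posix":
        return True
    return stat.S_IMODE(os.stat(path).st_mode) == 0o700


def leaves_no_residue(zip_bytes: bytes) -> bool:
    """Demo check: after processing, the temporary tree must be gone."""
    seen = []
    process_zip(zip_bytes, seen.append)
    return not os.path.exists(seen[0])


if __name__ == "__main__":
    print(process_zip(build_zip(SAMPLE_OK), read_members))
```

The traversal check matters because a ZIP built by whoever controls the download can name members with ".." or absolute paths; resolving the destination and requiring the temp directory among its parents rejects both, and the exclusive-create open closes the remaining window in which a pre-placed link could redirect the write.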

Security teams should also add CVE‑2026‑25645 to their vulnerability scanners. Qualys, Tenable, and Rapid7 plugins will likely appear shortly after publication, helping identify vulnerable Requests installations across the enterprise.

The bigger picture: supply chain risks on Windows

CVE‑2026‑25645 is not an isolated incident. In the past year alone, similar temp‑file vulnerabilities surfaced in libraries like Golang’s os.CreateTemp and Node.js’s tmp package. What sets this one apart is how quickly it appeared in Microsoft’s own advisory system, signaling that the company is actively tracking vulnerabilities in the open‑source software it ships.

For Windows administrators, this is a reminder that managing a Windows environment now includes managing a fleet of interpreted languages and their dependencies. Python, Ruby, Perl, and Node.js often come pre‑installed or are pulled in by management tools. Each of these runtimes carries its own library vulnerabilities, and traditional Windows patch management—focused on KB updates—does not address them.

Tools like pip‑audit, Dependabot, or Microsoft’s own Defender for Cloud can help identify outdated packages. In regulated industries, failing to patch a CVSS‑rated vulnerability like CVE‑2026‑25645 could lead to audit findings, even if local access is required. The prudent approach is to treat third‑party library CVEs with the same rigor as Windows CVEs.

What to expect from Microsoft

Historically, when Microsoft lists a third‑party vulnerability in the Security Update Guide, it releases a coordinated fix alongside the software developer. For CVE‑2026‑25645, we expect a two‑pronged update: the Requests library itself, now patched upstream, and a Microsoft‑specific patch for any affected product. The advisory’s medium severity suggests the patch will be prioritized but not released as an emergency out‑of‑band update.

Windows Update for Business and Windows Server Update Services (WSUS) administrators should watch for a supplemental entry in the “Security Updates” catalog. Even if no Microsoft product is directly vulnerable, the company might push an updated Python Requests wheel via the Microsoft Package Index or a servicing stack update.

In the short term, organizations that allow Python execution on shared systems should implement strict least‑privilege principles. Audit local permissions on %TEMP% and consider moving temporary file operations to a user‑specific, access‑controlled location by setting the TEMP and TMP environment variables to a secure directory.

Final word

CVE‑2026‑25645 may not rise to the level of a remote code execution panic, but its quiet inclusion in Microsoft’s Security Update Guide should be a wake‑up call. Python runs in more corners of Windows than many IT departments realize, and a predictable temp‑file bug can grant an attacker a foothold they shouldn’t have.

For most, the fix is a single pip command away. For the rest, it’s time to start asking hard questions about software supply chains. When Microsoft sounds the alarm on a third‑party library, it’s rarely without cause. Patch now, audit deeply, and assume that every machine that can run Python is a target.