Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code

Microsoft has released a security update addressing a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems.

The vulnerability, tracked as CVE-2025-54100, was publicly disclosed on December 9, 2025, and represents a significant security risk for organizations worldwide.

The flaw stems from improper neutralization of special elements used in a command (command injection) in Windows PowerShell.

The vulnerability enables unauthorized attackers to execute arbitrary code locally through specially crafted commands.

Windows PowerShell 0-Day Vulnerability

According to Microsoft’s assessment, exploitation is currently considered less likely in real-world scenarios. However, the vulnerability has already been publicly disclosed.

The attack requires local access and user interaction, meaning attackers typically need to convince users to open malicious files or execute suspicious commands.

| Details | Information |
| --- | --- |
| CVE Identifier | CVE-2025-54100 |
| Attack Vector | Local |
| CVSS Score | 7.8 |
| Impact Type | Remote Code Execution |
| Affected Component | Windows PowerShell |

The vulnerability has a CVSS severity score of 7.8 and is classified as Important by Microsoft.

The weakness is categorized under CWE-77, improper neutralization of special elements used in a command (command injection).

The vulnerability impacts a wide range of Windows operating systems, including Windows 10, Windows 11, Windows Server 2008 through 2025, and various system configurations.

Microsoft has released security updates across multiple platforms, with patch versions varying by operating system and installation type.

Organizations using Windows Server 2025, Windows 11 versions 24H2 and 25H2, and Windows Server 2022 should prioritize patching using KB5072033 or KB5074204.

Users running Windows 10 and earlier versions require separate updates, such as KB5071546 or KB5071544.

System administrators should note that security updates for most affected systems require a system reboot after installation.

Users installing security updates KB5074204 or KB5074353 will receive a security warning when using the Invoke-WebRequest command.

Microsoft recommends using the -UseBasicParsing switch to prevent script code execution from web content.

Additionally, organizations should implement the guidance in KB5074596 regarding PowerShell 5.1 security measures to mitigate script execution risks.
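
To locate existing scripts that call Invoke-WebRequest without the recommended switch, one approach is to parse them with the PowerShell AST and list the calls that omit -UseBasicParsing. This is an added example, not code from Microsoft or the original article; the function name Find-UnsafeWebRequest, the example.test URLs and the sample script are constructed for illustration.

```powershell
# Added example (not Microsoft's code): flag Invoke-WebRequest calls lacking -UseBasicParsing.
# Find-UnsafeWebRequest and the sample script below are constructed for illustration.
function Find-UnsafeWebRequest {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)
    # Invoke-WebRequest plus its built-in Windows PowerShell 5.1 aliases.
    $names = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'
    $commands = $ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.CommandAst]
    }, $true)

    foreach ($cmd in $commands) {
        if ($names -notcontains $cmd.GetCommandName()) { continue }
        $hasSwitch = $false; $splatted = $false
        foreach ($el in $cmd.CommandElements) {
            if ($el -is [System.Management.Automation.Language.CommandParameterAst]) {
                # Accept abbreviations down to -UseB ('Use' alone is ambiguous),
                # but treat an explicit -UseBasicParsing:$false as not set.
                $p = $el.ParameterName
                $isUbp = $p.Length -ge 4 -and 'UseBasicParsing'.StartsWith($p, [System.StringComparison]::OrdinalIgnoreCase)
                $off = $el.Argument -and $el.Argument.Extent.Text -eq '$false'
                if ($isUbp -and -not $off) { $hasSwitch = $true }
            }
            elseif ($el -is [System.Management.Automation.Language.VariableExpressionAst] -and $el.Splatted) {
                $splatted = $true   # parameters live in a hashtable; needs manual review
            }
        }
        if ($hasSwitch) { continue }
        [pscustomobject]@{
            Line    = $cmd.Extent.StartLineNumber
            Finding = if ($splatted) { 'Review splatted parameters' } else { 'Missing -UseBasicParsing' }
            Command = $cmd.Extent.Text
        }
    }
}

# Constructed sample input.
$sample = @'
Invoke-WebRequest -Uri https://example.test/a.html
iwr https://example.test/b.html -UseB
$p = @{ Uri = 'https://example.test/c.html' }
curl @p
Invoke-WebRequest https://example.test/d.html -UseBasicParsing:$false
'@
Find-UnsafeWebRequest -ScriptText $sample | Format-Table -AutoSize
```

To audit a file instead of the inline sample, pass `(Get-Content -Raw <path>)` as `-ScriptText`. Calls built dynamically (for example through Invoke-Expression or a variable command name) are not visible to this static check.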

The acknowledgment reflects the collaborative effort between Microsoft and the security community in protecting Windows users from emerging threats.
