An urgent security update has been released to address a critical vulnerability in Windows PowerShell that allows attackers to execute malicious code on affected systems. This security flaw, designated CVE-2025-54100, was disclosed on December 9, 2025, and poses a significant threat to the integrity of computer systems globally.
Microsoft classifies the vulnerability as important, with a CVSS severity score of 7.8. The weakness, identified as CWE-77, involves the improper neutralization of special elements used in command injection attacks.
Microsoft considers the possibility of this vulnerability being exploited in real-world attacks to be remote. The vulnerability has already been publicly disclosed. Attackers require local access and user intervention to execute the attack , so they are forced to try to trick users into opening malicious files or running suspicious commands.
Microsoft has released security patches for several platforms. It is critical that organizations running Windows Server 2025, Windows 11 versions 24H2 and 25H2 , and Windows Server 2022 prioritize patching using KB5072033 or KB5074204 .
The flaw occurs when special elements in Windows PowerShell are improperly disabled during command injection attacks. This allows attackers to execute arbitrary code locally via specially crafted commands.
Microsoft recommends using the UseBasicParsing switch to prevent script execution from web content. Additionally, organizations should implement the guidance in KB5074596 regarding PowerShell 5.1 security measures to mitigate script execution risks.
The vulnerability affects a wide range of Windows operating systems, including Windows 10, Windows 11, Windows Server 2008 through version 2025, and various system configurations. Users running Windows 10 and earlier require separate updates, such as KB5071546 or KB5071544.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
