{"id":2577,"date":"2026-02-06T11:37:01","date_gmt":"2026-02-06T16:37:01","guid":{"rendered":"https:\/\/www.yorku.ca\/uit\/infosec\/?p=2577"},"modified":"2026-02-06T11:38:27","modified_gmt":"2026-02-06T16:38:27","slug":"powershell-remote-code-execution-cve-2025-54100","status":"publish","type":"post","link":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/","title":{"rendered":"PowerShell Remote Code Execution (CVE-2025-54100)"},"content":{"rendered":"\n<p>Microsoft has released security updates to address a vulnerability in Windows PowerShell (CVE-2025-54100) that could allow local users to execute arbitrary code when using the Invoke-WebRequest cmdlet.<\/p>\n\n\n\n<p><strong>Severity level<\/strong><strong>&nbsp;<\/strong><\/p>\n\n\n\n<p>CVSS Score: 7.8\/high<\/p>\n\n\n\n<p><strong>Description<\/strong>:- CVE-2025-54100 is a command injection vulnerability in Windows PowerShell, specifically affecting the Invoke-WebRequest cmdlet. The flaw occurs because PowerShell automatically parses HTML content using the MSHTML engine, which can inadvertently execute embedded scripts during parsing. This behavior allows attackers to craft malicious web content that, when processed by Invoke-WebRequest, could lead to unintended script execution. Exploitation requires local access and user interaction, such as running a script that invokes Invoke-WebRequest on a malicious URL.<\/p>\n\n\n\n<p><strong>Affected Versions<\/strong><strong>&nbsp;<\/strong><strong>:-<\/strong>&nbsp; &nbsp;All systems using Windows PowerShell 5.1 on vulnerable Windows versions.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Windows 10.<\/li>\n\n\n\n<li>Windows 11.<\/li>\n\n\n\n<li>Windows Server (2008 through 2025 editions).<\/li>\n<\/ul>\n\n\n\n<p><strong>Impact:-<\/strong><\/p>\n\n\n\n<p>Successful exploitation of this vulnerability may allow attackers to execute arbitrary code on the affected system.<\/p>\n\n\n\n<p>After applying the patch, users will receive a security warning prompt before parsing any web content that could execute scripts.<\/p>\n\n\n\n<p><strong>Resolution:-<\/strong><\/p>\n\n\n\n<p>Please apply the latest Security updates released by Microsoft.<\/p>\n\n\n\n<p><strong>Reference:-<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54100\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54100<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-54100\">https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-54100<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.cyber.gc.ca\/en\/alerts-advisories\/microsoft-security-advisory-december-2025-monthly-rollup-av25-822\">https:\/\/www.cyber.gc.ca\/en\/alerts-advisories\/microsoft-security-advisory-december-2025-monthly-rollup-av25-822<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/thehackernews.com\/2025\/12\/microsoft-issues-security-fixes-for-56.html\">https:\/\/thehackernews.com\/2025\/12\/microsoft-issues-security-fixes-for-56.html<\/a><\/p>\n\n\n\n<p>UIT Information&nbsp;Security<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has released security updates to address a vulnerability in Windows PowerShell (CVE-2025-54100) that could allow local users to execute arbitrary code when using the Invoke-WebRequest cmdlet. Severity level&nbsp; CVSS Score: 7.8\/high Description:- CVE-2025-54100 is a command injection vulnerability in Windows PowerShell, specifically affecting the Invoke-WebRequest cmdlet. The flaw occurs because PowerShell automatically parses HTML [&hellip;]<\/p>\n","protected":false},"author":2694,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","ngg_post_thumbnail":0,"footnotes":""},"categories":[31],"tags":[],"class_list":["post-2577","post","type-post","status-publish","format-standard","hentry","category-vulnerabilities"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>PowerShell Remote Code Execution (CVE-2025-54100) - Information Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PowerShell Remote Code Execution (CVE-2025-54100) - Information Security\" \/>\n<meta property=\"og:description\" content=\"Microsoft has released security updates to address a vulnerability in Windows PowerShell (CVE-2025-54100) that could allow local users to execute arbitrary code when using the Invoke-WebRequest cmdlet. Severity level&nbsp; CVSS Score: 7.8\/high Description:- CVE-2025-54100 is a command injection vulnerability in Windows PowerShell, specifically affecting the Invoke-WebRequest cmdlet. The flaw occurs because PowerShell automatically parses HTML [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/\" \/>\n<meta property=\"og:site_name\" content=\"Information Security\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-06T16:37:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-06T16:38:27+00:00\" \/>\n<meta name=\"author\" content=\"kasingh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"kasingh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/\"},\"author\":{\"name\":\"kasingh\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/person\\\/206ba07b2fdc716dbfb162fe95aa60ee\"},\"headline\":\"PowerShell Remote Code Execution (CVE-2025-54100)\",\"datePublished\":\"2026-02-06T16:37:01+00:00\",\"dateModified\":\"2026-02-06T16:38:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/\"},\"wordCount\":225,\"publisher\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-CA\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/\",\"name\":\"PowerShell Remote Code Execution (CVE-2025-54100) - Information Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#website\"},\"datePublished\":\"2026-02-06T16:37:01+00:00\",\"dateModified\":\"2026-02-06T16:38:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/#breadcrumb\"},\"inLanguage\":\"en-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/02\\\/06\\\/powershell-remote-code-execution-cve-2025-54100\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PowerShell Remote Code Execution (CVE-2025-54100)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#website\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\",\"name\":\"Information Security\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-CA\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\",\"name\":\"Information Security\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2025\\\/05\\\/Image-4.png\",\"contentUrl\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2025\\\/05\\\/Image-4.png\",\"width\":1024,\"height\":1024,\"caption\":\"Information Security\"},\"image\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/person\\\/206ba07b2fdc716dbfb162fe95aa60ee\",\"name\":\"kasingh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g\",\"caption\":\"kasingh\"},\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/author\\\/kasingh\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PowerShell Remote Code Execution (CVE-2025-54100) - Information Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/","og_locale":"en_US","og_type":"article","og_title":"PowerShell Remote Code Execution (CVE-2025-54100) - Information Security","og_description":"Microsoft has released security updates to address a vulnerability in Windows PowerShell (CVE-2025-54100) that could allow local users to execute arbitrary code when using the Invoke-WebRequest cmdlet. Severity level&nbsp; CVSS Score: 7.8\/high Description:- CVE-2025-54100 is a command injection vulnerability in Windows PowerShell, specifically affecting the Invoke-WebRequest cmdlet. The flaw occurs because PowerShell automatically parses HTML [&hellip;]","og_url":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/","og_site_name":"Information Security","article_published_time":"2026-02-06T16:37:01+00:00","article_modified_time":"2026-02-06T16:38:27+00:00","author":"kasingh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"kasingh","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/#article","isPartOf":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/"},"author":{"name":"kasingh","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/person\/206ba07b2fdc716dbfb162fe95aa60ee"},"headline":"PowerShell Remote Code Execution (CVE-2025-54100)","datePublished":"2026-02-06T16:37:01+00:00","dateModified":"2026-02-06T16:38:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/"},"wordCount":225,"publisher":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-CA"},{"@type":"WebPage","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/","url":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/","name":"PowerShell Remote Code Execution (CVE-2025-54100) - Information Security","isPartOf":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#website"},"datePublished":"2026-02-06T16:37:01+00:00","dateModified":"2026-02-06T16:38:27+00:00","breadcrumb":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/#breadcrumb"},"inLanguage":"en-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/02\/06\/powershell-remote-code-execution-cve-2025-54100\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.yorku.ca\/uit\/infosec\/"},{"@type":"ListItem","position":2,"name":"PowerShell Remote Code Execution (CVE-2025-54100)"}]},{"@type":"WebSite","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#website","url":"https:\/\/www.yorku.ca\/uit\/infosec\/","name":"Information Security","description":"","publisher":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.yorku.ca\/uit\/infosec\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-CA"},{"@type":"Organization","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization","name":"Information Security","url":"https:\/\/www.yorku.ca\/uit\/infosec\/","logo":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/logo\/image\/","url":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2025\/05\/Image-4.png","contentUrl":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2025\/05\/Image-4.png","width":1024,"height":1024,"caption":"Information Security"},"image":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/person\/206ba07b2fdc716dbfb162fe95aa60ee","name":"kasingh","image":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/secure.gravatar.com\/avatar\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c8a14e9f369169760b25636109e5d366baf391d45d3aa148137036b64cc6bb48?s=96&d=mm&r=g","caption":"kasingh"},"url":"https:\/\/www.yorku.ca\/uit\/infosec\/author\/kasingh\/"}]}},"taxonomy_info":{"category":[{"value":31,"label":"Vulnerabilities"}]},"featured_image_src_large":false,"author_info":{"display_name":"kasingh","author_link":"https:\/\/www.yorku.ca\/uit\/infosec\/author\/kasingh\/"},"comment_info":0,"category_info":[{"term_id":31,"name":"Vulnerabilities","slug":"vulnerabilities","term_group":0,"term_taxonomy_id":31,"taxonomy":"category","description":"","parent":0,"count":18,"filter":"raw","cat_ID":31,"category_count":18,"category_description":"","cat_name":"Vulnerabilities","category_nicename":"vulnerabilities","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/users\/2694"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/comments?post=2577"}],"version-history":[{"count":1,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2577\/revisions"}],"predecessor-version":[{"id":2578,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2577\/revisions\/2578"}],"wp:attachment":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/media?parent=2577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/categories?post=2577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/tags?post=2577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}