Command Injection Vulnerability in Windows PowerShell by Microsoft
CVE-2025-54100

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
9 December 2025

Badges

📈 Score: 973👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-54100?

CVE-2025-54100 is a command injection vulnerability identified in Microsoft Windows PowerShell, a powerful task automation and configuration management framework widely used by system administrators and developers. This vulnerability arises from improper neutralization of special elements within commands executed in PowerShell, which can allow unauthorized attackers to execute arbitrary code locally on affected systems. Given PowerShell's extensive permissions and capabilities, such exploitation could lead to severe ramifications for organizations, including unauthorized access to sensitive data, the ability to deploy malicious payloads, and the disruption of critical services.

Potential impact of CVE-2025-54100

  1. Unauthorized Code Execution: The vulnerability allows attackers to execute arbitrary commands locally, which could lead to unauthorized access to system resources and sensitive information, thereby compromising the integrity and confidentiality of organizational data.

  2. Increased Risk of Malware Deployment: Successful exploitation may enable attackers to install malware, ransomware, or other malicious software on affected systems, potentially leading to broader network compromises and extensive data breaches.

  3. Operational Disruption: An attacker leveraging this vulnerability could disrupt normal business operations, either by incapacitating essential systems or by manipulating system configurations, leading to potential downtime and loss of productivity.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8688

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8146

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6691

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-54100
Created by ThemeHackers

News Articles

favicon imageSOC Prime

CVE-2025-62221 and CVE-2025-54100: Windows Elevation of Privilege and RCE Zero-Day Vulnerabilities Patched | SOC Prime

Explore details for CVE-2025-62221 and CVE-2025-54100 zero-day vulnerabilities in Windows products, with an in-depth analysis on our SOC Prime blog.

3 weeks ago

favicon imageCyber Press

Windows PowerShell 0-Day Vulnerability Allows Attackers to Execute Malicious Code

Tracked as CVE-2025-54100, the flaw was publicly disclosed on December 9, 2025, and is classified by Microsoft as an “Important” remote code execution

3 weeks ago

favicon imageCybersecurityNews

Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code

Microsoft has released a security update to fix a Windows PowerShell flaw that could let attackers run malicious code on a system

3 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-54100 : Command Injection Vulnerability in Windows PowerShell by Microsoft