Summary

Item Details
Vulnerability Name

PowerShell Remote Code Execution

(CVE-2025-54100)

Released on

December 09, 2025

Affected Component

PowerShell

Affected Version

Windows Server 2025 (Server Core installation)

Windows Server 2025

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows 11 Version 25H2 for x64-based Systems

Windows 11 Version 25H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Vulnerability Type

Remote code execution

Exploitation Condition

1. User authentication: not required.

2. Precondition: The attacker utilizes social engineering techniques to entice the victim to access the attacker's crafted website via PowerShell.

3. Trigger mode: local. (The word "remote" in the vulnerability type refers to the location of the attacker, not to how the vulnerability is triggered.)

Impact

Exploitation difficulty: difficult. The victim needs to be enticed to access the attacker's crafted website via PowerShell.

Severity: critical. This vulnerability enables the attacker to execute arbitrary code with the victim's privileges.

Official Solution

Available

About the Vulnerability

Component Introduction

PowerShell is an automation and scripting environment introduced by Microsoft. Built on the .NET runtime, PowerShell is object-oriented rather than purely text-based. It abstracts system resources into manageable objects and enables configuration management, bulk operations, and task automation through a unified cmdlet pipeline mechanism. Deeply integrated into the Windows management framework, PowerShell supports operations on the registry, services, processes, networks, and cloud resources. Its scripting capabilities and modular ecosystem make it a crucial tool for system administrators and engineers to perform system management, operational automation, and troubleshooting.

Vulnerability Description

On December 26, 2025, Sangfor FarSight Labs received notification of a remote code execution vulnerability in PowerShell (CVE-2025-54100), rated critical in threat level.

Specifically, PowerShell contains a remote code execution vulnerability that allows a remote unauthenticated attacker to utilize social engineering techniques to entice a victim to access the attacker's crafted website via PowerShell, potentially resulting in remote code execution.

Affected Versions

The affected Windows versions are listed under Item Details above.

Solutions

Remediation Solutions

Temporary Solutions

  1. Do not use curl or Mshta to parse untrusted links or addresses.
  2. When using the Invoke-WebRequest command to parse an address, include the -UseBasicParsing parameter.
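
As an added example (not code from the advisory, from Microsoft, or from Sangfor), the following PowerShell applies the second temporary solution in two ways: a profile-level default so that every Invoke-WebRequest in the session gets -UseBasicParsing, and a parser-based audit that flags script calls, including the Windows PowerShell 5.1 aliases iwr, curl and wget, that omit the switch. It assumes Windows PowerShell 5.1, where Invoke-WebRequest without -UseBasicParsing parses the response with the Internet Explorer HTML engine; on PowerShell 7 the switch is accepted as a no-op, so the same code runs there too.

```powershell
# Added example, not from the advisory. Assumes Windows PowerShell 5.1, where
# Invoke-WebRequest (aliases iwr, curl, wget) uses the IE HTML engine unless
# -UseBasicParsing is given. PowerShell 7 accepts the switch as a no-op.

# 1. Session/profile default: every Invoke-WebRequest gets -UseBasicParsing
#    unless a caller explicitly passes the parameter themselves.
$PSDefaultParameterValues['Invoke-WebRequest:UseBasicParsing'] = $true

# 2. Audit existing .ps1 files for calls that omit the switch. The PowerShell
#    parser is used instead of a regex so that comments and string literals
#    are not reported as findings.
function Find-WebRequestWithoutBasicParsing {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)   # directory of .ps1 files

    $names = @('Invoke-WebRequest', 'iwr', 'curl', 'wget')

    Get-ChildItem -Path $Path -Filter *.ps1 -Recurse -File | ForEach-Object {
        $file = $_
        $tokens = $null; $errors = $null
        $ast = [System.Management.Automation.Language.Parser]::ParseFile(
                   $file.FullName, [ref]$tokens, [ref]$errors)

        $calls = $ast.FindAll({ param($n)
            $n -is [System.Management.Automation.Language.CommandAst] }, $true)

        foreach ($call in $calls) {
            # GetCommandName() is $null for dynamic command names; skip those
            $name = $call.GetCommandName()
            if (-not $name -or $names -notcontains $name) { continue }

            # PowerShell accepts unambiguous parameter prefixes (-UseBasic),
            # so match on the prefix rather than the full parameter name.
            $switches = $call.CommandElements |
                Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
                ForEach-Object { $_.ParameterName }

            if (-not ($switches | Where-Object { $_ -like 'UseBasic*' })) {
                [pscustomobject]@{
                    File    = $file.FullName
                    Line    = $call.Extent.StartLineNumber
                    Command = $call.Extent.Text
                }
            }
        }
    }
}

# Usage (hypothetical path): Find-WebRequestWithoutBasicParsing -Path 'C:\Scripts'
```

The default in step 1 only covers the current session, so place it in a machine-wide profile ($PSHOME\profile.ps1) to apply it to all users; the audit in step 2 is what catches scripts that run outside such a profile.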

Official Solution

The latest versions have been officially released to fix the vulnerability. Affected users are advised to update Windows to one of the latest versions as needed.

Timeline

On December 09, 2025, Sangfor FarSight Labs received notification of the remote code execution vulnerability in PowerShell (CVE-2025-54100).

On December 26, 2025, Sangfor FarSight Labs released a vulnerability alert.

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54100

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
