Home Microsoft CVE-2025-54100
Back to Microsoft

CVE-2025-54100

Windows - PowerShell

Microsoft CVSS 7.8 Updated March 13, 2026

Executive Risk Summary

"A command injection vulnerability in Windows PowerShell allows an unauthorized attacker to execute code locally, potentially leading to system compromise. This vulnerability can be exploited by an attacker to gain elevated privileges and perform malicious actions on the system."

Operational Audit Arsenal

Target Type Executable
Target Asset powershell.exe
Standard Path %windir%\System32\WindowsPowerShell\v1.0
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: powershell.exe (Executable)
$Targets = 'powershell.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

PowerShell service affected

Internal Work Notes

CVE-2025-54100: PowerShell command injection vulnerability, requires patching and reboot to mitigate

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

MSRC Advisoryhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54100
Official Advisoryhttps://www.vicarius.io/vsociety/posts/cve-2025-54100-detect-powershell-vulnerability
Official Advisoryhttps://www.vicarius.io/vsociety/posts/cve-2025-54100-mitigate-powershell-vulnerability

Related Microsoft Threats

CVE-2026-31957 CVSS 10

Microsoft Azure Entra ID and Intune - Himmelblau
CVE-2025-65041 CVSS 10

Microsoft Partner Center
CVE-2026-33105 CVSS 10

Microsoft Azure Kubernetes Service - Azure Kubernetes
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.