PowerShell 5.1 Adds Security Warning for Invoke-WebRequest Scripts
Summary
Hide ▲
Show ▼
Microsoft has introduced a security warning in Windows PowerShell 5.1 for scripts using the Invoke-WebRequest cmdlet to download web content. This change aims to mitigate a high-severity remote code execution vulnerability (CVE-2025-54100) by alerting users to potential risks of script execution from web content. The warning prompts users to either proceed with caution or use the safer -UseBasicParsing parameter to avoid script execution.
Timeline
-
09.12.2025 22:45 1 articles · 6h ago
PowerShell 5.1 Update Adds Security Warning for Invoke-WebRequest
Microsoft has released an update (KB5074204) for Windows PowerShell 5.1 that introduces a security warning for scripts using the Invoke-WebRequest cmdlet. This warning alerts users to potential script execution risks when downloading web content and advises using the -UseBasicParsing parameter for safer processing. The update aims to mitigate a high-severity remote code execution vulnerability (CVE-2025-54100).
Show sources
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45
Information Snippets
-
The warning is part of the KB5074204 update and affects Windows PowerShell 5.1, which is the default version on Windows 10 and 11.
First reported: 09.12.2025 22:451 source, 1 articleShow sources
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45
-
The warning appears when using Invoke-WebRequest to fetch web pages without special parameters, alerting users to potential script execution risks.
First reported: 09.12.2025 22:451 source, 1 articleShow sources
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45
-
Users can choose to proceed with the older parsing method (full HTML parsing) or cancel the operation and use -UseBasicParsing for safer processing.
First reported: 09.12.2025 22:451 source, 1 articleShow sources
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45
-
The 'curl' command, which is aliased to Invoke-WebRequest, will also trigger these new warnings.
First reported: 09.12.2025 22:451 source, 1 articleShow sources
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45
-
Most existing scripts using Invoke-WebRequest will continue to work with little or no modification, especially those that only download content or work with response body as text or data.
First reported: 09.12.2025 22:451 source, 1 articleShow sources
- Windows PowerShell now warns when running Invoke-WebRequest scripts — www.bleepingcomputer.com — 09.12.2025 22:45