Windows PowerShell 5.1 Invoke-WebRequest script-execution mitigation (CVE-2025-54100)

Advisory/Mitigation
H score 22
1 unique sources, 1 articles

Summary

Microsoft added a security confirmation prompt to Windows PowerShell 5.1 so Invoke-WebRequest does not silently parse web pages in a way that could run embedded scripts. The change reduces remote code execution risk for automation-heavy Windows 10 and Windows 11 environments linked to CVE-2025-54100. Administrators are told to use -UseBasicParsing or cancel the operation when the warning appears. The mitigation arrives with KB5074204 and also affects scripts that rely on the curl alias.

Related Happenings

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)

Vulnerability
First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft patched **CVE-2026-41096**, a **heap-based buffer overflow** in **Windows DNS** that could let an unauthorized attacker execute code remotely on vulnerable Windows syste...

Microsoft SaRA deprecation and Get Help replacement for Windows admin diagnostics

Security Tool/Service
First: 06.04.2026 20:45 Last: 06.04.2026 20:45 Sources 1

About this happening: Microsoft removed **SaRA**, a scriptable Windows support utility, from **in-support Windows updates** starting **March 10**, changing the troubleshooting toolset available to admi...

ClickFix Windows Terminal Lumma Stealer campaign

Campaign
First: 06.03.2026 08:44 Last: 06.03.2026 08:44 Sources 1

About this happening: A **widespread ClickFix** campaign is abusing **Windows Terminal (wt.exe)** to run malicious commands and deploy **Lumma Stealer**, expanding the risk of credential theft and brow...

Windows Admin Center improper authentication privilege escalation (CVE-2026-26119)

Vulnerability
First: 19.02.2026 19:40 Last: 19.02.2026 19:40 Sources 1

About this happening: **Windows Admin Center** is affected by **CVE-2026-26119**, a high-severity **improper authentication** flaw that can let an authorized attacker elevate privileges over a network....

Timeline

  1. 09.12.2025 22:45 2 articles · 5mo ago

    Microsoft adds Invoke-WebRequest script-execution warning

    Mitigation Patch Update

    Microsoft added a security confirmation prompt to Windows PowerShell 5.1 for Invoke-WebRequest web-content downloads so scripts embedded in parsed pages could not run silently, and it advises administrators in enterprise and IT-managed environments using PowerShell automation to use -UseBasicParsing or cancel the operation. The warning, tied to CVE-2025-54100 and the KB5074204 update, also applies when scripts invoke the curl alias, while most existing commands that only download content or read response data should continue to work with little or no modification.
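
To find automation that will hit the new prompt, the added example below (not from the advisory or from Microsoft) parses script text with the PowerShell AST and lists Invoke-WebRequest calls that do not pass -UseBasicParsing, which is the guidance in both the summary and this timeline entry. The function name `Find-IwrWithoutBasicParsing`, the status labels and the sample script are constructed for illustration; besides the `curl` alias named above, it also checks `iwr` and `wget`, the other built-in Windows PowerShell 5.1 aliases for the cmdlet.

```powershell
function Find-IwrWithoutBasicParsing {
    param(
        [Parameter(Mandatory)] [string] $ScriptText,
        [string] $Source = '<inline>'
    )
    # The cmdlet plus its Windows PowerShell 5.1 aliases. curl.exe is the real binary, not the alias.
    $names = 'Invoke-WebRequest', 'iwr', 'curl', 'wget'
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)
    $calls = $ast.FindAll(
        { param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true)

    foreach ($call in $calls) {
        $name = $call.GetCommandName()          # $null for dynamic invocations such as & $cmd
        if ($names -notcontains $name) { continue }

        $basic = $false; $splat = $false
        foreach ($el in $call.CommandElements) {
            if ($el -is [System.Management.Automation.Language.CommandParameterAst]) {
                # Parameter names may be abbreviated; -UseB is the shortest
                # prefix that is not ambiguous with -UseDefaultCredentials.
                $p = $el.ParameterName
                $isSwitch = $p.Length -ge 4 -and
                    'UseBasicParsing'.StartsWith($p, [System.StringComparison]::OrdinalIgnoreCase)
                # -UseBasicParsing:$false explicitly turns the switch off.
                $off = $el.Argument -and $el.Argument.Extent.Text -eq '$false'
                if ($isSwitch -and -not $off) { $basic = $true }
            }
            elseif ($el -is [System.Management.Automation.Language.VariableExpressionAst] -and $el.Splatted) {
                $splat = $true                  # @params cannot be resolved statically
            }
        }
        if ($basic) { continue }
        [pscustomobject]@{
            Source  = $Source
            Line    = $call.Extent.StartLineNumber
            Command = $name
            Status  = if ($splat) { 'CheckSplat' } else { 'NoBasicParsing' }
            Text    = $call.Extent.Text
        }
    }
}

# Constructed sample input, not taken from any real script.
$sample = "iwr https://example.test/a -UseB`ncurl https://example.test/b`n" +
          "Invoke-WebRequest https://example.test/c -UseBasicParsing:`$false`ncurl.exe -s https://example.test/d"
Find-IwrWithoutBasicParsing -ScriptText $sample | Format-Table -AutoSize
```

To audit files on disk, pass each script's contents with `Get-Content -Raw` and set `-Source` to its path; calls reported as `CheckSplat` need manual review of the splatted hashtable.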