—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Remote Code Execution Vulnerability in PowerShell 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Windows Microsoft Powershell

Overview

A vulnerability has been reported in Microsoft Windows PowerShell which could allow a remote attacker to bypass security controls and execute arbitrary commands  on the affected system.

Target Audience:

All organizations and individuals using Microsoft Windows PowerShell in enterprise or standalone environments.

Risk Assessment:

High risk of remote command execution due to potential misuse of PowerShell scripting and command execution capabilities.

Impact Assessment:

Potential for execution of arbitrary commands in the security context of the affected user, potentially leading to unauthorized access to local system resources.

Description

Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and scripting language.

A vulnerability exists in Microsoft Windows PowerShell due to improper handling of specially crafted input during PowerShell command execution. An attacker could exploit this flaw to execute arbitrary commands in the security context of the user by supplying malicious input that is processed by PowerShell.

Successful exploitation of this vulnerability could allow a remote attacker to bypass security controls and execute arbitrary commands on the affected system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-54100

References

Microsoft

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-54100

CVE Name

CVE-2025-54100

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlBVxgACgkQ3jCgcSdc

ys+QzA/+KzCmnqTWKGkeaPq4Y3gdJXBQKK89bzdgTlRZIEEQIjj1q+CNk4dLjh9Z

Lsx3lYNgnEKk7U439DmaoxPRPzVYF5Dr5eTQyYQcQB+zDW0L8hvltt5sM1ejalTn

HhyHt8Y6qlueKWPz1lPsC2J7r/gqUKJXW6SpN+6iM2OlCNj+TX/JUkUGQDynac0x

IrfuhWa8RrryH4dICmgQIUxVJm3XNJeoexwCjK6PfVIaOPaaLsLXpmcoGbocDZSH

6bhxuNl/0hDM5pdzoeubJIby9Dul2OX1QrjW9PyIvMorS8wmhJ82/f/dh1A2djdS

RuCEC1pT+IQP/5OK5STomUf1mKWSWsRfzAH9poGWp8C/YH/uqJzMTXjefqUt3kVD

DXKeycD9YItGSqCn9qLhKcoaXY7hzna/R7f4mbZTQoplijeFOMXDWSO959nSlS3k

RLMu8GnWWgbZH0kSYYS5dLq73dRON00+5tJd5E4lYdi3xzXlxnpFPmAdz04BsPR6

HE0hIqr+xKO7pUuC9UQpct5x9aLhFqeN77D57JnoByb0UxoPbR5/NqrMsPFMb5ZO

l+B2SSJ99oTxORAV9KpTIvDxRygmKI4eeFABVqIu3QoBHb2iDepdgwfhuSo8fVQc

NEHdenLsCXNG0evoCA5561hdljj1aOLe0Vut1NsIBmofx+te0CY=

=KHRA

—–END PGP SIGNATURE—–