Microsoft has announced an important update to Windows PowerShell, introducing a security warning for users running scripts that utilize the Invoke-WebRequest cmdlet to download web content. This enhancement is aimed at mitigating a high-severity remote code execution vulnerability identified as CVE-2025-54100, which predominantly impacts enterprise and IT-managed environments that rely on PowerShell scripts for automation.
Enhanced Security Measures
The warning feature has been integrated into Windows PowerShell 5.1, the default version on Windows 10 and Windows 11 systems. This update aligns the security protocols of PowerShell 5.1 with those found in PowerShell 7, ensuring a more secure web parsing process.
When users execute scripts that involve the Invoke-WebRequest cmdlet, PowerShell will now issue an alert indicating that scripts embedded in downloaded web pages could potentially execute on their systems. By default, users can cancel the operation by pressing ‘Enter’ or selecting ‘No.’ PowerShell will then recommend rerunning the command with the -UseBasicParsing parameter to enhance safety during processing.
Should users opt for ‘Yes,’ PowerShell will proceed with the older method of full HTML parsing, allowing the content and any embedded scripts to load as they did previously. In essence, choosing ‘Yes’ signifies acceptance of the associated risks, while selecting ‘No’ serves as a precautionary measure to safeguard the system.
In a recent advisory, Microsoft elaborated, “Windows PowerShell 5.1 now displays a security confirmation prompt when using the Invoke-WebRequest command to fetch web pages without special parameters. This prompt warns that scripts in the page could run during parsing and advises using the safer -UseBasicParsing parameter to avoid any script execution. Users must choose to continue or cancel the operation.”
Upon installing the KB5074204 update, IT administrators will encounter a confirmation prompt that highlights the risks associated with script code execution:
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?
To prevent automation scripts from stalling due to the need for manual confirmation, administrators are encouraged to explicitly update their scripts to incorporate the -UseBasicParsing parameter.
It is also noteworthy that in PowerShell, the curl command is aliased to the Invoke-WebRequest cmdlet, meaning that the new warnings will also appear when executing scripts that invoke curl commands.
Microsoft reassured users that “most PowerShell scripts and commands that use the Invoke-WebRequest command will continue to work with little or no modification.” For instance, scripts that solely download content or manipulate the response body as text or data will remain unaffected and require no alterations.
