Dec 16, 2025
3 min read
Microsoft says that Windows PowerShell warns you when you use scripts that use the Invoke-WebRequest cmdlet to download web content, with the goal of preventing potentially harmful code from executing.
As Microsoft explains, this mitigates a critical PowerShell remote code execution vulnerability (CVE-2025-54100) that primarily affects enterprise or IT environments that use PowerShell scripts for automation, as PowerShell scripts are not frequently used outside of such environments.
The warning was added to Windows PowerShell 5.1, the version of PowerShell installed by default on Windows 10 and Windows 11 systems, and was designed to add the scanning process of the same website found in PowerShell 7.
Without warning, PowerShell will warn you that web page scripts downloaded using the "Invoke-WebRequest" cmdlet may be executed on your computer.By default, if you press "Enter" or select "No", the operation will be canceled and PowerShell will recommend rerunning the command with the "-UseBasicP" parameter.
When you select Yes, PowerShell parses the page using the old method (full HTML parsing), allowing content and embedded scripts to load as before.In short, selecting "Yes" means you accept the risk, and selecting "No" stops the action to protect your system.
"Windows PowerShell 5.1 now displays a security confirmation prompt when using the Invoke-WebRequest command to retrieve a web page without special parameters," Microsoft explained Tuesday.
"This note warns that page scripts may be running while parsing, and recommends using the -UseBasicParsing safety parameter to prevent any scripts from executing. Users must choose to continue or abort the operation."
After installing update KB5074204 (for Windows 11, versions 24H2 and 25H2), update KB5074204 (for Windows Server 2025), or KB5074353 (for Windows Server 2022), IT administrators will see the following prompt confirmation warning about script code: execution risks
Security Warning: Script Execution Risks
Invoke-WebRequest renders the content of a web page.Script code on a web page can be executed when the page is loaded.
Use the -UseBasicParsing switch to not execute script code
Do you want to continue?
For more details, see [KB5074596: PowerShell 5.1: Preventing script execution for web content](https://support.microsoft.com/help/5072034).
To avoid automation scripts getting stuck pending manual validation, administrators are specifically encouraged to update their scripts to use the usebasicparsing safe option.
It is important to note that in PowerShell the 'curl' command is related to the Invoke-WebRequest command, so you will see these new warnings when you run a script that calls the curl command.
"Most PowerShell scripts and commands that use the Invoke-WebRequest command will continue to work with little or no changes," Microsoft writes.
“For example, scripts that only download content or run as text or data with response fields are not affected and do not require modification.”
Break IAM silos like Bitpanda, KnowBe4 and PathAI
Broken IAM isn't just an IT problem.But it also affects your entire business.
This practical guide covers why old IAM practices don't meet modern needs, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
deltasierra - 3 days ago
The December Patch Tuesday updates include this patch based on the security updates listed in the table below the Microsoft CVE page for this vulnerability:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54100.This means KB5072033 for Windows 11 24H2 and 25H2, as well as Server 2025 and KB5071546 for Windows 10 22H2 and 21.
