Microsoft has disclosed a new Windows PowerShell 0-day vulnerability that could allow attackers to execute arbitrary code on vulnerable systems, posing a serious threat to enterprises that rely on PowerShell for administration and automation.
Tracked as CVE-2025-54100, the flaw was publicly disclosed on December 9, 2025, and is classified by Microsoft as an “Important” remote code execution (RCE) vulnerability with a maximum CVSS score of 7.8.
https://cyberpress.org/windows-powershe ... erability/