Windows PowerShell now warns when running Invoke-WebRequest scripts
- 4 days ago
- 2 min read
Windows PowerShell now warns when running Invoke-Web Request scripts
Microsoft has announced that Windows PowerShell will now issue warnings when scripts using the Invoke-WebRequest cmdlet to download web content are executed, with the goal of preventing potentially dangerous code from running.
According to Microsoft, this measure addresses a high-severity PowerShell remote code execution vulnerability (CVE-2025-54100). This primarily impacts enterprise or IT-managed environments where PowerShell scripts are used for automation, as such scripts are less frequently used outside these settings.
The warning has been implemented in Windows PowerShell 5.1, the default PowerShell version on Windows 10 and Windows 11 systems and is intended to provide the same secure web parsing capabilities available in PowerShell 7.
PowerShell will notify you that scripts from web pages downloaded with the "Invoke-WebRequest" cmdlet could run on your system without precautions. By default, pressing 'Enter' or choosing 'No' will cancel the operation, and PowerShell will recommend using the '-UseBasicParsing' parameter to process the command more safely.
If you select 'Yes,' PowerShell will parse the page using the older method (full HTML parsing), allowing the content and embedded scripts to load as they did before. In essence, choosing 'Yes' means you accept the risk, while selecting 'No' halts the action to safeguard your system.
Windows PowerShell now warns when running Invoke-Web Request scripts
"Windows PowerShell 5.1 now prompts a security confirmation when the Invoke-WebRequest command is used to fetch web pages without specific parameters," Microsoft explains in a Tuesday advisory.
"This prompt alerts users that scripts on the page might execute during parsing and recommends using the safer -UseBasicParsing parameter to prevent script execution. Users must decide whether to proceed or cancel the operation."
After installing the KB5074204 update, IT administrators will encounter the following confirmation prompt warning about the risks of script code execution:
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?
```
For additional details, see [KB5074596: PowerShell 5.1: Preventing script execution from web content](https://support.microsoft.com/help/5072034).To prevent their automation scripts from stalling while waiting for manual confirmation, admins should explicitly update their scripts to use the UseBasicParsing safe parameter.
It's important to mention that in PowerShell, the 'curl' command is an alias for the Invoke-WebRequest cmdlet, which means you'll encounter these new warnings when executing scripts that use curl commands.
Microsoft stated, "Most PowerShell scripts and commands utilizing the Invoke-WebRequest command will function with minimal or no changes."
"For instance, scripts that solely download content or handle the response body as text or data remain unaffected and need no alterations."
Comments