CNNVD-202512-1225 Information
CNNVD ID
CNNVD-202512-1225
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
Microsoft Windows PowerShell是美国微软(Microsoft)公司的一种命令行外壳程序和脚本环境,使命令行用户和脚本编写者可以利用 .NET Framework的强大功能。 Microsoft Windows PowerShell存在命令注入漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 25H2 for ARM64-based Systems,Windows 11 Version 25H2 for x64-based Systems,Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems。
Description (English)
Microsoft Windows PowerShell is an American Microsoft (MSC) command-script shell program and scrip environment that allows the command-script user and script writer to take advantage of the powerful functions of .NET Framework. Microsoft Windows PowerShell has an order to inject a loophole. The attackers used the loophole to implement the code remotely. The following products and versions are affected: Wows 10 Versted 2 Wows & & , Wows & & & 2s & , Wows & & 2s & & & , & Wows & & & & & & & , / Wows & & & & & & & & & , / Wows & &s & & / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / Wows / / / / / / / S / / / / / / / / / / / / / / / / / / / / /
Hazard Level
Medium
Vulnerability Type
命令注入
Affected Vendor
微软
Published
2025-12-09
Last Modified
2026-02-24
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54100
Patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54100
Share on: