Windows PowerShell Now Warns About Risky Web Scripts

As part of the December 2025 Patch Tuesday Update for Windows 11 version 23H2, 24H2, and 25H2, Microsoft made some changes to PowerShell 5.1. So, if you came across a new security warning in Windows PowerShell 5.1 after installing these security updates, don’t worry; Microsoft says that it is designed to prevent scripts from running unexpectedly when fetching web content.

The change specifically targets the Invoke-WebRequest cmdlet, which is known for downloading web pages and resources. According to Microsoft, the warning you see simply addresses a high-severity remote code execution vulnerability (CVE-2025-54100). The said vulnerability affects enterprise and IT-managed environments where PowerShell scripts are heavily used for automation. If you are an individual user, the impact is reportedly limited.

So, when do you see this alert? Well, it pops up once (KB5074204) is installed. PowerShell will alert you if a downloaded page could execute scripts. The alert you see will read:

Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?

If you press Enter or select No, by default, you’ll see the operation being canceled. PowerShell suggests re-running the command with -UseBasicParsing for safer processing. When you select Yes, it allows you to fully load the page, which includes embedded scripts, essentially accepting the risk.

Microsoft notes that this security confirmation applies to scripts using the curl alias as well, since it maps to Invoke-WebRequest. Most scripts will continue to work without changes, especially those that simply download content or read response data.

The company further recommends IT admins to update automation scripts to explicitly include the safer -UseBasicParsing parameter to avoid waiting on manual prompts.

Have you seen this warning pop up yet? Are you updating your scripts proactively, or letting them run as before? Do let us know in the comments below.