CVE-2025-54100 is a command injection vulnerability classified under CWE-77 that affects Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The vulnerability exists due to improper neutralization of special elements in commands processed by Windows PowerShell, which can be exploited by an unauthorized attacker with local access to execute arbitrary code on the affected system. The attacker does not require privileges but does require user interaction to trigger the vulnerability. This flaw allows the attacker to compromise the confidentiality, integrity, and availability of the system by executing malicious commands that could lead to data theft, system manipulation, or denial of service. The CVSS v3.1 base score is 7.8, indicating a high severity level, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the widespread use of Windows 10 Version 1607 in legacy environments. The vulnerability was reserved in July 2025 and published in December 2025, with no patch links currently available, indicating that mitigation may rely on interim controls until an official patch is released.

The impact of CVE-2025-54100 is substantial for organizations still operating Windows 10 Version 1607, particularly those that utilize PowerShell for automation or administrative tasks. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary commands, potentially leading to data breaches, unauthorized changes to system configurations, installation of malware, or disruption of critical services. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk in environments where attackers can gain physical or remote desktop access. Legacy systems in industrial, governmental, and enterprise environments are especially vulnerable, as they may lack timely updates and have critical operational roles. The vulnerability threatens confidentiality by exposing sensitive data, integrity by allowing unauthorized modifications, and availability by enabling denial-of-service conditions. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency of mitigation.

1. Apply official patches from Microsoft as soon as they become available for Windows 10 Version 1607 to address the vulnerability directly. 2. Restrict local access to systems running this Windows version by enforcing strict access controls, including limiting physical access and using strong authentication mechanisms for remote desktop or terminal services. 3. Implement application whitelisting and PowerShell execution policies to restrict the execution of unauthorized scripts or commands. 4. Monitor PowerShell usage through logging and alerting to detect suspicious command execution patterns indicative of exploitation attempts. 5. Educate users about the risks of interacting with untrusted content that could trigger the vulnerability. 6. Where feasible, upgrade affected systems to a supported and fully patched version of Windows to reduce exposure to legacy vulnerabilities. 7. Employ endpoint detection and response (EDR) tools capable of identifying command injection attempts and anomalous PowerShell activity. 8. Conduct regular vulnerability assessments and penetration testing focusing on local privilege escalation and command injection vectors.