一、漏洞概要
漏洞名称 | PowerShell 远程代码执行漏洞 (CVE-2025-54100) |
发布时间 | 2025年12月9日 |
组件名称 | Powershell |
影响范围 | Windows Server 2025 (Server Core installation) Windows Server 2025 Windows Server 2022, 23H2 Edition (Server Core installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems |
漏洞类型 | 远程代码执行 |
利用条件 | 1、用户认证:不需要用户认证 2、前置条件: 攻击者通过社会工程诱使受害者通过Powershell访问攻击者的特制网站。 3、触发方式:本地(漏洞类型中远程是指攻击者的位置) |
综合评价 | |
官方解决方案 | 已发布 |
二、漏洞分析
2.1 组件介绍
PowerShell是微软推出的自动化管理与脚本环境,基于 .NET 运行时,面向对象而非纯文本。它将系统资源抽象为可操作的对象,通过统一的 Cmdlet 管道机制实现配置管理、批量运维和任务自动化。PowerShell 深度集成 Windows 管理体系,支持注册表、服务、进程、网络与云资源操作。其脚本能力与模块化生态使其成为系统管理员与工程师进行系统管理、运维自动化和故障排查的重要工具。
2.2 漏洞描述
2025年12月26日,深瞳漏洞实验室监测到PowerShell 存在远程代码执行漏洞的信息引起广泛关注,漏洞编号:CVE-2025-54100,漏洞威胁等级:高危。
未经身份验证的远程攻击者可以通过社会工程诱使受害者通过Powershell访问攻击者的特制网站,从而导致远程代码执行。
三、影响范围
目前受影响的 Windows版本:
Windows Server 2025 (Server Core installation)
Windows Server 2025
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 25H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
官方修复建议
官方已发布最新版本修复该漏洞,建议受影响用户将Windows更新最新版本。