CVE-2025-25004: 
vulnerability analysis and mitigation

Microsoft PowerShell contains an improper access control vulnerability (CVE-2025-25004) that was disclosed on October 14, 2025. The vulnerability affects PowerShell versions 7.5 prior to 7.5.4 and 7.4 prior to 7.4.13, allowing an authorized attacker to elevate privileges locally (NVD, Qualys).

The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-284 (Improper Access Control) according to Microsoft's assessment (NVD).

When successfully exploited, this vulnerability allows a local, authenticated attacker to create, modify, or delete files in the security context of the "NT AUTHORITY\SYSTEM" account (Qualys).

Microsoft has released version 7.5.4 for PowerShell 7.5 users and version 7.4.13 for PowerShell 7.4 users to address this vulnerability. Users are advised to upgrade to these patched versions to mitigate the risk (Microsoft Q&A).

Microsoft Defender has flagged this vulnerability as High severity, prompting immediate attention from system administrators. The community has actively discussed the need for urgent updates, particularly in enterprise environments (Microsoft Q&A).