Do Invoke-WebRequest PowerShell changes affect MID Server/Discovery/ACC (CVE-2025-54100)?Issue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Are ServiceNow features affected by the changes to Windows PowerShell Invoke-WebRequest for vulnerability KB5074596/CVE-2025-54100 (December 2025 Patch Tuesday)? Symptoms<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Given that this change would cause a command line prompt, which would require Interactive mode to be possible, and anything running by servicenow tends to be run in non-interactive mode, the error seen is likely to be about that: Windows PowerShell is in NonInteractive mode. Read and prompt functionality is not available For example in an Orchestration Workflow: Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Any. Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Microsoft released a security update (PowerShell Remote Code Execution Vulnerability - CVE-2025-54100) for a disclosed PowerShell Remote Code Execution vulnerability related to the Invoke-WebRequest cmdlet. This cmdlet is used to send HTTP/HTTPS requests and retrieve responses. Microsoft describe this change as: "Windows PowerShell 5.1 now displays a security confirmation prompt when using the Invoke-WebRequest command to fetch web pages without special parameters. Security Warning: Script Execution Risk Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.RECOMMENDED ACTION: Use the -UseBasicParsing switch to avoid script code execution.Do you want to continue? This prompt warns that scripts in the page could run during parsing and advises using the -UseBasicParsing parameter to avoid any script execution. Users must choose to continue or cancel the operation. This change helps protect against malicious web content by requiring user consent before potentially risky actions." https://support.microsoft.com/en-us/topic/powershell-5-1-invoke-webrequest-preventing-script-execution-from-web-content-7cb95559-655e-43fd-a8bd-ceef2406b705 Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } As of January 2026 versions, this change should not break anything in out-of-box scripts, however Customer and 3rd party scripts may be affected. When Invoke-WebRequest is used in ServiceNow scripts, it is used with -UseBasicParsing already. Powershell scripts are used in these places: MID Server platform/installer There are several Powershell scripts in agent\bin\, but none of those use Invoke-WebRequest MID Server Script Files There are lots of Powershell scripts, from Discovery, Orchestration, Integration Hub Spokes, and others. None of the out-of-box servicenow ones use Invoke-WebRequest, except for: Discovery CommonUtils.psm1 uses Invoke-WebRequest -UseBasicParsing, since 2020.SSM_PowerShellScript_Patterns.psm1 has always used Invoke-WebRequest -UseBasicParsing. Agent Client Collector Framework GetAllIpsForWindows.ps1 has always used Invoke-WebRequest -UseBasicParsing. Custom or 3rd party scripts Customers would need to check the ecc_agent_script_file table in the instance for any PowerShell scripts that might be using Invoke-WebRequest without -UseBasicParsing Discovery Patterns These 3 use Invoke-WebRequest, but have always used -UseBasicParsing:Windows - AWSSAM Citrix Desktop UsageSAM Citrix Application Usage Customers may have added custom patterns or steps, and so check could be done where the Pattern text field of the sa_pattern table contains Invoke-WebRequest. Pattern Designer -> Command Validation Tool -> Commands List will list all pattern step commands. e.g. These are the OOTB ones that use -UseBasicParsing: Agent Client Collector Monitoring None of the out-of-box checks use Invoke-WebRequest. Customers may have written custom ACC Plugins containing Powershell scripts, which may use Invoke-WebRequest without -UseBasicParsing. That would need checking. DEX Desktop Assistant install_script.ps1 in the sn_dex_desktop_script table uses Invoke-WebRequest without -UseBasicParsing - TBC. Additional customer scripts may need checking.