List all Intune remediation scripts containing Invoke-WebRequest without UseBasicParsing (CVE-2025-54100)

In this post I will share a script allowing you to find all remediation script (detection or remediation) impacted by the CVE-2025-54100.

Context 

Microsoft recently mitigated a high-severity PowerShell remote code execution vulnerability through the CVE-2025-54100.

You can get more info here or here.

The impact is that if you have a script containing the invoke-webrequest cmdlet it may not continue or show the following warning:

To avoid this, you need to add -UseBasicParsing parameter.

See below an example of URL with issue:

❌ Broken Code:

$response = Invoke-WebRequest 'https://msedgewebdriverstorage.blob.core.windows.net/edgewebdriver/LATEST_STABLE' 

✅ Fixed Code:

$response = Invoke-WebRequest 'https://msedgewebdriverstorage.blob.core.windows.net/edgewebdriver/LATEST_STABLE' -UseBasicParsing

The solution

The script works as below:

- Authenticate to Intune

- Get all remediation scripts

- Check all detection/remediation

- Look for invoke-webrequest without UseBasicParsing

- Export result

To run the script, use the below command:

.\Remediation_CVE2554100_Report.ps1 

Two parameters are available:

- GridView: export content in a gridview

- PST: export content in a PST

See below overview from gridview

See below overview from PST

You can find all remediation scripts with an issue in detection or remediation meaning with Invoke-WebRequest without UseBasicParsing.

Get the script

Click on the below GitHub picture to get the script