Critical deserialization vulnerability in Windows Server Update Services (WSUS) allows unauthenticated remote code execution over the network. WSUS servers are commonly deployed as centralized internet-facing infrastructure for managing Windows updates in enterprise environments.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-10-14
Added to CISA KEV: 2025-10-24 (10 days between CVE and KEV)
For those who use Windows Server Update Service (WSUS), Childs advises patching CVE-2025-59287, which allows remote, unauthenticated attackers to ...
At a technical level, CVE-2025-59287 is a classic unsafe deserialization weakness (CWE-502) inside WSUS’s reporting/endpoint code. When an application takes serialized object data from an untrusted source and reconstructs live objects without validation, attackers can craft serialized input that causes object constructors or ...
The attack vector involves sending a crafted event that leads to a deserialization of untrusted data. This is notably the first RCE ...
What is CVE-2025-59287? CVE-2025-59287 is a critical remote code execution vulnerability found in the Windows Server Update Service (WSUS) developed by Microsoft. WSUS is a vital component for managing the distribution of updates that are released through Microsoft Update to computers in a corporate environment.
CVE-2025-59287 is a critical deserialization of untrusted data vulnerability that may allow an unauthorized attacker to execute code on ...