🔴 CVE-2025-59287

Critical deserialization vulnerability in Windows Server Update Services (WSUS) allows unauthenticated remote code execution over the network. WSUS servers are commonly deployed as centralized internet-facing infrastructure for managing Windows updates in enterprise environments.

Risk Level: HIGH_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-10-14

Added to CISA KEV: 2025-10-24 (10 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-10-24)

CVE-2025-59287 is a critical remote code execution vulnerability affecting Windows Server Update Services (WSUS). Here's what is known about its exploitation:

  • Affected Applications/Services: It affects Windows systems running WSUS [3][4].
  • Active Exploitation: The vulnerability is being actively exploited in the wild [5][6].
  • Attack Vectors/Exploitation Methods: The attack vector involves sending a crafted event that leads to deserialization of untrusted data [2][3]. An unauthorized attacker can then execute code over a network [3][5].
  • Targeted Attacks: While the provided documents confirm active exploitation, they do not specify whether CVE-2025-59287 has been used in targeted attacks.
  • CISA KEV Status: CISA has added CVE-2025-59287 to its Known Exploited Vulnerabilities (KEV) Catalog [8][7].
  • Internet Exploitability: The vulnerability allows remote, unauthenticated attackers to perform actions [1] and execute code over a network [3][5], indicating internet exploitability.

Sources

  1. Microsoft patches three zero-days actively exploited by attackers

    For those who use Windows Server Update Service (WSUS), Childs advises patching CVE-2025-59287, which allows remote, unauthenticated attackers to ...

  2. Urgent WSUS Patch for CVE-2025-59287 RCE or Isolate

    At a technical level, CVE‑2025‑59287 is a classic unsafe deserialization weakness (CWE‑502) inside WSUS’s reporting/endpoint code. When an application takes serialized object data from an untrusted source and reconstructs live objects without validation, attackers can craft serialized input that cau…

  3. CVE-2025-59287 Impact, Exploitability, and Mitigation Steps

    The attack vector involves sending a crafted event that leads to a deserialization of untrusted data. This is notably the first RCE ...

  4. CVE-2025-59287 : Remote Code Execution Vulnerability in Windows...

    What is CVE-2025-59287? CVE-2025-59287 is a critical remote code execution vulnerability found in the Windows Server Update Service (WSUS) developed by Microsoft. WSUS is a vital component for managing the distribution of updates that are released through Microsoft Update to computers in a corporate…

  5. Microsoft releases urgent fix for actively exploited... - Help Net Security

    CVE-2025-59287 is a critical deserialization of untrusted data vulnerability that may allow an unauthorized attacker to execute code on ...