CVE-2025-59287
Published Oct 14, 2025
Last updated 13 days ago
AI description
CVE-2025-59287 is a remote code execution vulnerability affecting the Windows Server Update Service (WSUS). The vulnerability stems from the deserialization of untrusted data within WSUS. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted event that triggers unsafe object deserialization within a legacy serialization mechanism. Successful exploitation allows the attacker to execute arbitrary code on the target system.
- Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
- Exploit added on: Oct 24, 2025
- Exploit action due: Nov 14, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-502
- Hype score: Not currently trending
Heightened attack risk with CVE-2025-59287 targeting WSUS. Urgent patching required. Stay protected. #CyberSecurity #DigitalRiskManagement https://t.co/ClmSygJHGw
@breachwire_io
10 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
10 Nov 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
9 Nov 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
8 Nov 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Some heightened activity on WSUS / CVE-2025-59287 during the last few days, put one of the payloads into a gist if someone is interested: https://t.co/ttzcTuh9V4 https://t.co/GWFKSNDl6V
@SimoKohonen
7 Nov 2025
3522 Impressions
16 Retweets
29 Likes
14 Bookmarks
0 Replies
0 Quotes
Microsoft CVE-2025-59287 exposes a critical flaw in WSUS and it's being actively exploited. 🔒 On-prem updates are no longer safe ☁️ Intune is the future📈 Secure, policy-driven updates with audit trails We help orgs migrate with hardened, stakeholder-ready strategies.
@KumonixTech
7 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
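Exploitation of Windows Server WSUS vulnerability CVE-2025-59287 confirmed: CISA issues warning https://t.co/AldWYuo2ko An incomplete fix for the WSUS vulnerability has created a serious situation. The web endpoints on 8530/8531, reachable even without authentication, are open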
@iototsecnews
7 Nov 2025
74 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Weekly Purple Team: CVE-2025-59287 Critical WSUS RCE exploited in the wild. CISA KEV'd it in 24hrs. This episode covers: ✅ Exploitation mechanics ✅ Detection strategies ✅ Real attack telemetry From exploit to detection rule 👇 Watch: https://t.co/rxkssUzzBP
@BriPwn
6 Nov 2025
140 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🔔 WSUS RCE disclosed — CVE-2025-59287 🔔 A critical remote code execution (RCE) vulnerability has been disclosed and active exploitation via PoCs is being reported. Criminal IP has identified 4,616 affected instances — please follow the detection & response guide
@CriminalIP_US
6 Nov 2025
271 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
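🔔 #WSUS RCE (CVE-2025-59287) technical blog post published! This vulnerability can be exploited without authentication or privileges, and attacks have intensified since the PoC was released. Criminal IP has identified 4,616 unremediated instances, including 125 in Japan.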
@CriminalIP_JP
6 Nov 2025
179 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
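🔔 WSUS RCE disclosed — CVE-2025-59287 🔔 A critical remote code execution (RCE) vulnerability has been disclosed, and attacks using PoCs are being actively reported. Since 4,616 instances have been identified on Criminal IP, the blog's detection and response guide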
@CriminalIP_KR
6 Nov 2025
116 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE‑2025‑59287: Critical RCE in Windows Server Update Services (WSUS) A remote-code-execution vulnerability (CVE-2025-59287) in Microsoft’s WSUS was disclosed, affecting server update infrastructure. It allows unauthenticated attackers to execute code with system privilege
@SPSDigitalTech
5 Nov 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft released an emergency update (KB5070881) to fix the critical vulnerability CVE-2025-59287 in WSUS. But... this update accidentally disabled the Hotpatch feature on some devices running #WindowsServer 2025
@SoyITPro
4 Nov 2025
1964 Impressions
2 Retweets
13 Likes
4 Bookmarks
4 Replies
0 Quotes
Fix for Critical WSUS RCE (CVE-2025-59287) - Hackers Actively Exploiting Port 8530. Read the full report on - https://t.co/oCp2rFzi29 https://t.co/ll2skgnZcb
@Iambivash007
4 Nov 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
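Microsoft breaks the hotpatch feature of Windows Server 2025 with its patch for the WSUS vulnerability. KB5070881, which addresses CVE-2025-59287, is to blame. That KB has been changed so that it is delivered only to servers not using hotpatch. KB5070893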
@__kokumoto
4 Nov 2025
1226 Impressions
2 Retweets
10 Likes
3 Bookmarks
0 Replies
2 Quotes
⚠️ Vulnerability in Microsoft products ❗CVE-2025-59287 ➡️ More info: https://t.co/gv7TW5aruS https://t.co/RsHLO9Fbgb
@CERTpy
3 Nov 2025
123 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Windows Server 2025 hotpatch broken by security update: update KB5070881 fixes critical flaw CVE-2025-59287 but disables hotpatch on some servers; Microsoft released KB5070893 to fix it without affecting hotpatching and advises admins to install the new version. ht
@caveiratech
3 Nov 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical Microsoft WSUS vulnerability (CVE-2025-59287) rated 9.8 is being actively exploited, giving attackers remote code execution capabilities and potential control over enterprise networks. Microsoft has released an emergency patch following incomplete initial fixes, and h
@securityblvd
3 Nov 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical Microsoft WSUS vulnerability (CVE-2025-59287) rated 9.8 is being actively exploited, giving attackers remote code execution capabilities and potential control over enterprise networks. Microsoft has released an emergency patch following incomplete initial fixes, and h
@securityblvd
3 Nov 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
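SANS Internet Storm Center has detected a worldwide surge in suspicious traffic targeting Windows Server Update Services (WSUS). The attacks are scans of TCP ports 8530 and 8531, through which the CVE-2025-59287 vulnerability can be exploited.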
@yousukezan
3 Nov 2025
972 Impressions
0 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287 https://t.co/IXi4ZCRlLl
@samilaiho
3 Nov 2025
992 Impressions
3 Retweets
5 Likes
0 Bookmarks
2 Replies
0 Quotes
Hackers are exploiting the targeted WSUS vulnerability (CVE-2025-59287) to plant malware on unpatched Windows servers. Organizations must take preventive measures and replace the updates that are
@Cybereayn
3 Nov 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 CVE-2025-59287 exposes unpatched Windows servers to attacks. Hackers are exploiting a dangerous deserialization vulnerability to deploy malware. What measures are you putting in place to protect your systems? 🛡️ #CVE2025_59287 https
@CyberSentinelle
3 Nov 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Via the newly discovered WSUS vulnerability (CVE-2025-59287), infostealer malware has begun to be targeted by attackers. Do not ignore updates if you want to stay secure. What do you think about this? #WSUS_açı
@Siber_Kalkan_
3 Nov 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting the recent WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. With alarming speed, data is being exfiltrated and systems compromised. Are your defenses strong enough? #WSUS_vulnerability https://t.co/COejlzVG0Z
@CyberDailyPost
3 Nov 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attacks exploiting the WSUS vulnerability (CVE-2025-59287) are once again being observed on networks. Hackers are running infostealers on unprotected Windows servers. Make sure that your
@cybereye_ru
3 Nov 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Defender Alert: A Typhoon-class adversary is actively exploiting CVE-2025-59287 — a remote code execution vulnerability stemming from unsafe deserialization in WSUS. #Cybersecurity #GreyNoise #ThreatIntel #WSUSRCE https://t.co/SSPFTck5FV
@0x534c
3 Nov 2025
2869 Impressions
8 Retweets
30 Likes
6 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
3 Nov 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📝 𝐒𝐜𝐚𝐧𝐬 𝐟𝐨𝐫 𝐏𝐨𝐫𝐭 𝟖𝟓𝟑𝟎/𝟖𝟓𝟑𝟏 (𝐓𝐂𝐏). 𝐋𝐢𝐤𝐞𝐥𝐲 𝐫𝐞𝐥𝐚𝐭𝐞𝐝 𝐭𝐨 𝐖𝐒𝐔𝐒 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐂𝐕𝐄-𝟐𝟎𝟐𝟓-𝟓𝟗
@PurpleOps_io
2 Nov 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd) #CISO https://t.co/ucaCC2UEmz
@compuchris
2 Nov 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[SANS Internet Storm Center] Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd). Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course... https://t.co/9SVobXmY8Y
@shah_sheikh
2 Nov 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd) https://t.co/vcXWHzDOIS Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last w… https://t.co/ATBM98zC1
@dlwyer
2 Nov 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287 https://t.co/zYcpGtrFmO https://t.co/tv7R6YYgUx
@sans_isc
2 Nov 2025
2357 Impressions
5 Retweets
16 Likes
1 Bookmark
0 Replies
0 Quotes
CyberDudeBivash Vulnerability Analysis Post-Mortem Report-[CVE-2025-59287] Read the full report on - https://t.co/lxRYOu8Opc https://t.co/hGpQdLdFPB
@Iambivash007
2 Nov 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CyberDudeBivash Vulnerability Analysis Post-Mortem Report-[CVE-2025-59287] Read the full report on - https://t.co/GhUy0BmmVQ
@Iambivash007
2 Nov 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Imagine patching your network… and installing malware instead. Hackers have been exploiting a critical RCE in Microsoft WSUS, the very system that patches Windows. CVE-2025-59287 lets attackers run code as SYSTEM and even push fake updates across networks. I broke it down
@ManMotasem
2 Nov 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2025-59287 Hello! Today’s 1day1line is about CVE-2025-59287 (RCE) in WSUS — an unauthenticated RCE affecting on-premises Windows Server Update Services. Check out the post! 👇 https://t.co/ceQKf9hape
@hackyboiz
2 Nov 2025
2161 Impressions
3 Retweets
26 Likes
11 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
2 Nov 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A few days ago, a dangerous RCE vulnerability with the identifier CVE-2025-59287 was published for Microsoft's update service, WSUS. CISA has issued a warning about this vulnerability. h
@AmirHossein_sec
1 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WSUS CRITICAL RCE CVE-2025-59287 ACTIVELY EXPLOITED: Unauth PowerShell injection steals AD data!
@huseyin_y33498
1 Nov 2025
4 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WSUS CRITICAL RCE CVE-2025-59287 ACTIVELY EXPLOITED: Unauth PowerShell injection steals AD data! ⚠️ Patch: https://t.co/OALsWiqtY9 🔗 Report: https://t.co/DYmuYS5BH8
@The_SatyaDVV
1 Nov 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New security alert from #CISA and #NSA! Microsoft Exchange and WSUS servers are still exposed to active exploitation. CVE-2025-59287 allows attackers to execute code remotely. Server
@vulnerbyte
1 Nov 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#WSUS under attack: active exploitation of the vulnerability CVE-2025-59287 https://t.co/fGGEP2axGR
@Slvlombardo
1 Nov 2025
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59287 WSUS Remote Code Execution - @hawktrace https://t.co/jZPRdIOPjC
@pentest_swissky
1 Nov 2025
1236 Impressions
1 Retweet
9 Likes
4 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
1 Nov 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat actors are actively exploiting a critical remote code execution vulnerability (CVE-2025-59287) affecting Windows Server Update Services (WSUS), https://t.co/7XGKiv5HB1 #Microsoft #Windows #threatactor #rce #Vulnerability #CybersecurityNews #CyberSecurity #threatresq
@ThreatResq
1 Nov 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Thread: "WSUS RCE (CVE-2025-59287) Data Heist: Out-of-Band Patch Drops Amid Wild Chains—Hunt for PowerShell Injections!" 🚨🔧 1/5: "🚨 WSUS UNDER FIRE: CVE-2025-59287 (CVSS 9.8) RCE in Windows Server Update Services is chaining to data exfil—attackers using Base64 Power
@CybershieldHub
1 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ #ThreatAlert: Critical RCE in Windows Server Update Services (WSUS) — CVE-2025-59287 — is being exploited to deploy the Skuld infostealer. If you run WSUS: patch immediately, restrict access & monitor for abnormal post-install activity. Sources: Cyware,
@meet_cipher
1 Nov 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
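Sophos researchers observed real-world attacks exploiting CVE-2025-59287. Microsoft released a fix on October 14 and issued an emergency update on the 23rd, but attacks began within hours of PoC code being published on GitHub. On October 24,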
@yousukezan
31 Oct 2025
1318 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: #Attackers are exploiting a #WSUS vulnerability to deploy the nasty Skuld #infostealer via CVE-2025-59287! 😱 Your data could be at risk! Stay informed and protect your assets. 🔒 Check out the latest developments and learn how to shield yourself from these thr
@WideWatchers
31 Oct 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7200EF9B-2689-4E9E-BE9E-E00836A7D284",
            "versionEndExcluding": "10.0.14393.8524"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9DDF9BE-8D0B-4027-B3F7-FFD96438E3EB",
            "versionEndExcluding": "10.0.17763.7922"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDAC36D7-54A0-456B-B176-17A0B9E63C7A",
            "versionEndExcluding": "10.0.20348.4297"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA85BFD-9802-452E-97B1-6380554EF254",
            "versionEndExcluding": "10.0.25398.1916"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E5FFF5B-8745-47F6-A0B7-262AA43353BB",
            "versionEndExcluding": "10.0.26100.6905"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]