CVE-2025-59287
Published Oct 14, 2025
Last updated 3 months ago
AI description
CVE-2025-59287 is a remote code execution vulnerability affecting the Windows Server Update Service (WSUS). The vulnerability stems from the deserialization of untrusted data within WSUS. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted event that triggers unsafe object deserialization within a legacy serialization mechanism. Successful exploitation allows the attacker to execute arbitrary code on the target system.
- Description
- Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Oct 24, 2025
- Exploit action due
- Nov 14, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-502
⚠️ Critical alert: your Windows updates can infect you! The CVE-2025-59287 flaw hijacks Windows Server Update to distribute malware 🐞 👉 Read urgently: https://t.co/GNi0OJrl72
@itsocial_fr
20 Jan 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🏴☠️Wsman-Guardian — Passive WS-Man / CIM Inspector • CVE-2025-59287 Aware • MITRE ATT&CK Aligned https://t.co/J21IEvNEvU ☠ Brute-Force CIM ☠ WMI-DMZ-Scan | WIP ☠ PowerShell over Linux/OSX ( Could Use Some Feedback from Windows ) #InfoSec #infosecurity
@3xCypher
5 Jan 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59287: Microsoft WSUS RCE exploited in the wild https://t.co/t1Mq8oI0Hq https://t.co/pbghABYMcR
@ErcanSah1n
2 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Proof of working exploit CVE-2025-59287 (WSUS) https://t.co/nbcphTtsFk
@rbinrs
1 Jan 2026
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59287 Auto Exploit (WSUS) https://t.co/2DJE1Qk9U3
@rbinrs
1 Jan 2026
96 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
How (CVE-2025-59287) WSUS Servers are auto exploited? https://t.co/jN3LKTQxTz
@rbinrs
1 Jan 2026
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Analysis of the CVE-2025-59287 vulnerability in memory dump files. For more details, you can follow this link: https://t.co/wYfLghdxtD #الأمن_السيبراني #CVE2025_59287 #تحليل_الثغرات
@fad_777
29 Dec 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hunting CVE-2025-59287 in Memory Dumps https://t.co/RmEuUzXiEP
@Dinosn
28 Dec 2025
1589 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
#CyberSecurity #VulnerabilityReport Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor https://t.co/ZX8EV0pA1C
@Komodosec
27 Dec 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Increase in scans for ports 8530/8531 (TCP) indicates WSUS Vulnerability CVE-2025-59287 exploitation. Secure your servers now. #Cybersecurity #DigitalRiskManagement https://t.co/RULqfVODk1
@breachwire_io
19 Dec 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access https://t.co/pOMMxFnhG1 Security teams warn that attackers are abusing a recently patched remote-code-execution flaw in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287
@Huntio
4 Dec 2025
1977 Impressions
8 Retweets
23 Likes
5 Bookmarks
0 Replies
1 Quote
ShadowPad Malware Exploits WSUS Vulnerability for Full System Access 🚨💥 ShadowPad malware has been used to target Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access. Threat actors exploit this vulnerability to gain full system access. ⚠️ ht
@HackonomicNews
2 Dec 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WSUS servers just became a hacker's favorite backdoor. CVE-2025-59287 turns trusted update systems into remote code execution launchpads. If your organization relies on Windows Server Update Services, this vulnerability changes everything. Attackers with authenticated access can
@Optrics
2 Dec 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
2 Dec 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#VulnerabilityReport #cybersecurity CRITICAL ALERT: Windows Server WSUS Flaw Actively Exploited (CVE-2025-59287, CVSS 9.8) https://t.co/pln1QJKNim
@Komodosec
30 Nov 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad exploits WSUS RCE (CVE-2025-59287) to deliver payloads—patch WSUS now, monitor update traffic for anomalies. https://t.co/KBg8TEnh6o #infosec #CVE2025-59287 #RCE #Malware
@_UncleHacker_
30 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🐍 CVE-2025-59287 ⭐ 113 stars **"Discover the critical exploitation of CVE-2025-59287 on WSUS!"** #GitHub https://t.co/zuti3WiL9a
@clxymox
29 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔴 CRITICAL: KB5068787 patches 2 zero-days actively exploited in the wild 🛡️ CVE-2025-62215 — Windows Kernel privilege escalation 🛡️ CVE-2025-59287 — WSUS remote code execution (CVSS 9.8) ⏰ WSUS servers: Patch within 24-48 hours 📖 Full deployment guide + st
@ctrlaltnod
29 Nov 2025
100 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft Windows Server Update Services [—] Nov 28, 2025 Security advisory regarding CVE-2025-59287 exploitation in Microsoft Windows Server Update Services. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/CXM3ZJQnRY
@transilienceai
28 Nov 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad Malware Actively Exploits WSUS Vulnerability (CVE-2025-59287) for Full System Access via @TheHackersNews #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/CNXqBlsgVa
@proficioinc
27 Nov 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad malware riding a WSUS bug (CVE-2025-59287) to spy on networks. Yes, even fully patched servers were hit. SMBs: treat this as a data-breach drill. Verify WSUS patches, review logs, and lock down update servers now. https://t.co/PxrVGRkkMr #CyberSecurity #PatchManagement
@lowcountrycyber
26 Nov 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-59287 (Windows WSUS Remote Code Execution Vulnerability) from AS 30236 ( CRONOMAGIC-1 ) 🇨🇦 VirusTotal Detections: 0/95 🟢 Link to event 👇 https://t.co/peqKMdDL47
@DefusedCyber
26 Nov 2025
4339 Impressions
0 Retweets
11 Likes
2 Bookmarks
0 Replies
1 Quote
ShadowPad Malware Exploits New Windows Bug Millions at Risk A newly patched Windows flaw (CVE-2025-59287) is being actively exploited to hijack WSUS servers the core of Windows updates. Hackers are using built-in tools like curl and certutil to quietly install the
@sddatech
25 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Hackers are using a fixed Windows bug (CVE-2025-59287) to spread ShadowPad malware through WSUS servers. They used normal Windows tools like curl and certutil to install it — a method seen before in Chinese hacking groups. Systems patched too late may have already been..
@bountyayush
25 Nov 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad riding in on WSUS? Attackers abused CVE-2025-59287 to push malware via a now-patched bug. If you run WSUS, unpatched boxes mean data theft and quiet snooping. Patch all update servers and hunt for odd WSUS activity. https://t.co/PxrVGRkkMr #CyberSecurity #PatchNow
@lowcountrycyber
25 Nov 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Nov 19 2025 https://t.co/AL3X4xPdLJ
@tdatwja
25 Nov 2025
275 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Warning: Critical remote code execution vulnerability, CVE-2025-59287, in Windows Server Update Services (WSUS) is actively exploited by threat actors to deliver #ShadowPad malware for initial access. https://t.co/Ote3TnXqTQ #Patch #Patch #Patch
@CCBalert
25 Nov 2025
55 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity experts have warned that the dangerous ShadowPad malware, exploiting the recently patched vulnerability (CVE-2025-59287) in the Windows server update system, servers
@VisionPointPK
25 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. https://t.co/aWtWOaBHLl
@cyberkilllist
25 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting the critical #WSUS flaw #CVE-2025-59287 to gain SYSTEM-level remote code execution and deploy #ShadowPad, a modular backdoor linked to Chinese state-sponsored actors. They use #PowerCat for shell access, then download the payload with tools like certutil
@ZeroDayFacts
25 Nov 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔸 A new report from AhnLab shows that China-linked state threat actors are actively exploiting the CVE-2025-59287 vulnerability in Windows Server Update Services (WSUS). https
@nedawitter
25 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers reported that attackers exploited the patched WSUS flaw CVE-2025-59287 to deliver ShadowPad malware, using PowerCat for a shell and executing curl and certutil to install it, highlighting the critical need for organizations to patch and secur… https://t.co/9BVaq2UWd
@Cyber_O51NT
25 Nov 2025
740 Impressions
5 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
ShadowPad exploits WSUS vulnerability CVE-2025-59287 for SYSTEM privileges https://t.co/RgyR9SMGnj #Security #セキュリティー #ニュース
@SecureShield_
25 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical WSUS flaw allows distribution of ShadowPad malware: Attacks exploit the CVE-2025-59287 vulnerability in Windows Server Update Services to install ShadowPad, a modular backdoor used by Chinese groups, with remote execution and advanced techniques of persist
@caveiratech
24 Nov 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat actors leveraged the patched WSUS RCE (CVE-2025-59287) to drop ShadowPad, using a shell triggers log review for post-patch abuse. https://t.co/a88ydQxCKC #infosec #CVE2025-59287
@_UncleHacker_
24 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad riding in on your Windows updates? Attackers abused a WSUS bug (CVE-2025-59287) to drop malware and spy on networks. SMBs: patch WSUS now or risk data theft and quiet espionage. Details: https://t.co/PxrVGRkkMr #CyberSecurity #PatchManagement
@lowcountrycyber
24 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Technical Release Report: ShadowPad Delivered Through Active Exploitation of WSUS Critical Flaw #CVE-2025-59287 https://t.co/nJ9MPip9lt
@UndercodeNews
24 Nov 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of the ShadowPad attack exploiting CVE-2025-59287 on WSUS Cyber Warfare, ahnlab, apt, backdoor, china, ShadowPad, WSUS https://t.co/7D6fL6Jutu https://t.co/H0q7ld2AND
@matricedigitale
24 Nov 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Attackers are exploiting the critical WSUS flaw CVE-2025-59287 to gain SYSTEM-level remote code execution and deploy ShadowPad, a modular backdoor linked to Chinese state-sponsored actors. They use PowerCat for shell access, then download the payload with tools like htt
@H4ckmanac
24 Nov 2025
11841 Impressions
39 Retweets
105 Likes
39 Bookmarks
1 Reply
0 Quotes
ShadowPad malware is now being deployed through active exploitation of CVE-2025-59287 in WSUS. Attackers gain system-level access, use PowerCat for shells, then install ShadowPad via certutil/curl - all hidden through DLL side-loading. How prepared are orgs for attacks targeting
@TechNadu
24 Nov 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad malware is actively exploiting the recently patched WSUS vulnerability CVE-2025-59287, enabling remote code execution and full system access via PowerShell tools. #ShadowPad #WSUSExploit #China https://t.co/Tf2DsFjwdA
@TweetThreatNews
24 Nov 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors are exploiting a critical WSUS vulnerability (CVE-2025-59287) to deploy ShadowPad malware and gain full system access on Windows Servers. Update now! ⚠️ https://t.co/pFNConOsqQ #ShadowPad #WSUSExploit #CyberAttack #CVE202559287 #MalwareAlert
@0xT3chn0m4nc3r
24 Nov 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Hackers exploited a recently patched security vulnerability in Windows Server Update Services (WSUS) to deploy malware known as ShadowPad. The attackers targeted Windows servers that support WSUS
@Cybercachear
24 Nov 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are using a fixed Windows bug (CVE-2025-59287) to spread ShadowPad malware through WSUS servers. They used normal Windows tools like curl and certutil to install it — a method seen before in Chinese hacking groups. Systems patched too late may have already been h
@TheHackersNews
24 Nov 2025
79667 Impressions
131 Retweets
354 Likes
96 Bookmarks
4 Replies
7 Quotes
We’ve released updated information on vulnerable product identification & threat detections to address CVE-2025-59287, a critical remote code execution vulnerability affecting Windows Server Update Service. Review our Alert & take immediate action. https://t.co/jhHeTB98
@GlobalSecHQ
23 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WSUS RCE CVE-2025-59287 is under active exploit, with ShadowPad riding via compromised update chains. Kernel LPE CVE-2025-62215 also patched. Patch WSUS and Windows, then maybe breathe. #infosec https://t.co/Bv04pu4qas
@threatcluster
23 Nov 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
23 Nov 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
22 Nov 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Huntress uncovered threat actors exploiting WSUS RCE (CVE-2025-59287) to deploy Velociraptor via a malicious MSI from s3.wasabisys[.]com, setting up C2 through update[.]githubtestbak[.]workers[.]dev. #WSUSExploit #Velociraptor #USA https://t.co/y1YiQsutHW
@TweetThreatNews
22 Nov 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59287 Impact: Assessing Long-Term Costs & Security Posture https://t.co/PGXjtn12Z4
@centcapglobal
21 Nov 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7200EF9B-2689-4E9E-BE9E-E00836A7D284",
            "versionEndExcluding": "10.0.14393.8524"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9DDF9BE-8D0B-4027-B3F7-FFD96438E3EB",
            "versionEndExcluding": "10.0.17763.7922"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDAC36D7-54A0-456B-B176-17A0B9E63C7A",
            "versionEndExcluding": "10.0.20348.4297"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA85BFD-9802-452E-97B1-6380554EF254",
            "versionEndExcluding": "10.0.25398.1916"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E5FFF5B-8745-47F6-A0B7-262AA43353BB",
            "versionEndExcluding": "10.0.26100.6905"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]