CVE-2025-59287
Published Oct 14, 2025
Last updated 4 months ago
- Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
- Exploit added on: Oct 24, 2025
- Exploit action due: Nov 14, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com: CWE-502
Critical Windows Server WSUS Vulnerability Exploited in the Wild CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on Se.
@SecurityAid
16 Mar 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Found CVE-2025-59287 kinda hard to exploit target: BBP open to collab 50/50 #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection https://t.co/oAe9yB9lZw
@mugh33ra
8 Mar 2026
6940 Impressions
7 Retweets
123 Likes
55 Bookmarks
8 Replies
0 Quotes
Found CVE-2025-59287 kinda hard to exploit target: BBP open to collab 50/50 #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection https://t.co/3TgiKfqHSO
@mugh33ra
8 Mar 2026
92 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-59287 — WSUS vulnerability. A critical vulnerability in Windows Server Update Services that lets an attacker execute code remotely with SYSTEM privileges. ** Immediate action: install Microsoft's WSUS update immediately,
@MjodQ95
10 Feb 2026
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The following vulnerabilities have been added to our feed: CVE-2025-53136: NT OS KASLR Bypass CVE-2025-30397: Internet Explorer/Edge Chakra Engine RCE CVE-2025-59287: Windows Server Update RCE CVE-2025-24893: XWiki Groovy Injection RCE https://t.co/Nw6eZdtCs8
@crowdfense
5 Feb 2026
1725 Impressions
5 Retweets
25 Likes
15 Bookmarks
0 Replies
0 Quotes
⚠️ Critical alert: your Windows updates can infect you! The CVE-2025-59287 flaw hijacks Windows Server Update to distribute malware 🐞 👉 Read urgently: https://t.co/GNi0OJrl72
@itsocial_fr
20 Jan 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🏴☠️Wsman-Guardian — Passive WS-Man / CIM Inspector • CVE-2025-59287 Aware • MITRE ATT&CK Aligned https://t.co/J21IEvNEvU ☠ Brute-Force CIM ☠ WMI-DMZ-Scan | WIP ☠ PowerShell over Linux/OSX ( Could Use Some Feedback from Windows ) #InfoSec #infosecurity
@3xCypher
5 Jan 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59287: Microsoft WSUS RCE exploited in the wild https://t.co/t1Mq8oI0Hq https://t.co/pbghABYMcR
@ErcanSah1n
2 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Proof of working exploit CVE-2025-59287 (WSUS) https://t.co/nbcphTtsFk
@rbinrs
1 Jan 2026
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59287 Auto Exploit (WSUS) https://t.co/2DJE1Qk9U3
@rbinrs
1 Jan 2026
96 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
How (CVE-2025-59287) WSUS Servers are auto exploited? https://t.co/jN3LKTQxTz
@rbinrs
1 Jan 2026
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Analysis of the CVE-2025-59287 vulnerability in memory dump files. For more details, follow this link: https://t.co/wYfLghdxtD #الأمن_السيبراني #CVE2025_59287 #تحليل_الثغرات
@fad_777
29 Dec 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hunting CVE-2025-59287 in Memory Dumps https://t.co/RmEuUzXiEP
@Dinosn
28 Dec 2025
1589 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
#CyberSecurity #VulnerabilityReport Critical WSUS RCE (CVE-2025-59287) Actively Exploited to Deploy ShadowPad Backdoor https://t.co/ZX8EV0pA1C
@Komodosec
27 Dec 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Increase in scans for ports 8530/8531 (TCP) indicates WSUS Vulnerability CVE-2025-59287 exploitation. Secure your servers now. #Cybersecurity #DigitalRiskManagement https://t.co/RULqfVODk1
@breachwire_io
19 Dec 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access https://t.co/pOMMxFnhG1 Security teams warn that attackers are abusing a recently patched remote-code-execution flaw in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287
@Huntio
4 Dec 2025
1977 Impressions
8 Retweets
23 Likes
5 Bookmarks
0 Replies
1 Quote
ShadowPad Malware Exploits WSUS Vulnerability for Full System Access 🚨💥 ShadowPad malware has been used to target Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access. Threat actors exploit this vulnerability to gain full system access. ⚠️ ht
@HackonomicNews
2 Dec 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WSUS servers just became a hacker's favorite backdoor. CVE-2025-59287 turns trusted update systems into remote code execution launchpads. If your organization relies on Windows Server Update Services, this vulnerability changes everything. Attackers with authenticated access can
@Optrics
2 Dec 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-59287
@transilienceai
2 Dec 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#VulnerabilityReport #cybersecurity CRITICAL ALERT: Windows Server WSUS Flaw Actively Exploited (CVE-2025-59287, CVSS 9.8) https://t.co/pln1QJKNim
@Komodosec
30 Nov 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad exploits WSUS RCE (CVE-2025-59287) to deliver payloads—patch WSUS now, monitor update traffic for anomalies. https://t.co/KBg8TEnh6o #infosec #CVE2025-59287 #RCE #Malware
@_UncleHacker_
30 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🐍 CVE-2025-59287 ⭐ 113 stars **"Discover the critical exploitation of CVE-2025-59287 on WSUS!"** #GitHub https://t.co/zuti3WiL9a
@clxymox
29 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔴 CRITICAL: KB5068787 patches 2 zero-days actively exploited in the wild 🛡️ CVE-2025-62215 — Windows Kernel privilege escalation 🛡️ CVE-2025-59287 — WSUS remote code execution (CVSS 9.8) ⏰ WSUS servers: Patch within 24-48 hours 📖 Full deployment guide + st
@ctrlaltnod
29 Nov 2025
100 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft Windows Server Update Services [—] Nov 28, 2025 Security advisory regarding CVE-2025-59287 exploitation in Microsoft Windows Server Update Services. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/CXM3ZJQnRY
@transilienceai
28 Nov 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad Malware Actively Exploits WSUS Vulnerability (CVE-2025-59287) for Full System Access via @TheHackersNews #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/CNXqBlsgVa
@proficioinc
27 Nov 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad malware riding a WSUS bug (CVE-2025-59287) to spy on networks. Yes, even fully patched servers were hit. SMBs: treat this as a data-breach drill. Verify WSUS patches, review logs, and lock down update servers now. https://t.co/PxrVGRkkMr #CyberSecurity #PatchManagement
@lowcountrycyber
26 Nov 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actor exploiting CVE-2025-59287 (Windows WSUS Remote Code Execution Vulnerability) from AS 30236 ( CRONOMAGIC-1 ) 🇨🇦 VirusTotal Detections: 0/95 🟢 Link to event 👇 https://t.co/peqKMdDL47
@DefusedCyber
26 Nov 2025
4339 Impressions
0 Retweets
11 Likes
2 Bookmarks
0 Replies
1 Quote
ShadowPad Malware Exploits New Windows Bug Millions at Risk A newly patched Windows flaw (CVE-2025-59287) is being actively exploited to hijack WSUS servers the core of Windows updates. Hackers are using built-in tools like curl and certutil to quietly install the
@sddatech
25 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Hackers are using a fixed Windows bug (CVE-2025-59287) to spread ShadowPad malware through WSUS servers. They used normal Windows tools like curl and certutil to install it — a method seen before in Chinese hacking groups. Systems patched too late may have already been..
@bountyayush
25 Nov 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad riding in on WSUS? Attackers abused CVE-2025-59287 to push malware via a now-patched bug. If you run WSUS, unpatched boxes mean data theft and quiet snooping. Patch all update servers and hunt for odd WSUS activity. https://t.co/PxrVGRkkMr #CyberSecurity #PatchNow
@lowcountrycyber
25 Nov 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Nov 19 2025 https://t.co/AL3X4xPdLJ
@tdatwja
25 Nov 2025
275 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Warning: Critical remote code execution vulnerability, CVE-2025-59287, in Windows Server Update Services (WSUS) is actively exploited by threat actors to deliver #ShadowPad malware for initial access. https://t.co/Ote3TnXqTQ #Patch #Patch #Patch
@CCBalert
25 Nov 2025
55 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity experts have warned that the dangerous ShadowPad malware, exploiting the recently patched vulnerability (CVE-2025-59287) in the Windows Server update system, server
@VisionPointPK
25 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. https://t.co/aWtWOaBHLl
@cyberkilllist
25 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting the critical #WSUS flaw #CVE-2025-59287 to gain SYSTEM-level remote code execution and deploy #ShadowPad, a modular backdoor linked to Chinese state-sponsored actors. They use #PowerCat for shell access, then download the payload with tools like certutil
@ZeroDayFacts
25 Nov 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔸 A new report from AhnLab shows that China-linked state threat actors are actively exploiting the CVE-2025-59287 vulnerability in Windows Server Update Services (WSUS). https
@nedawitter
25 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers reported that attackers exploited the patched WSUS flaw CVE-2025-59287 to deliver ShadowPad malware, using PowerCat for a shell and executing curl and certutil to install it, highlighting the critical need for organizations to patch and secur… https://t.co/9BVaq2UWd
@Cyber_O51NT
25 Nov 2025
740 Impressions
5 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
ShadowPad exploits WSUS vulnerability CVE-2025-59287, SYSTEM privileges https://t.co/RgyR9SMGnj #Security #セキュリティー #ニュース
@SecureShield_
25 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical WSUS flaw enables distribution of the ShadowPad malware: Attacks exploit the CVE-2025-59287 vulnerability in Windows Server Update Services to install ShadowPad, a modular backdoor used by Chinese groups, with remote execution and advanced persist
@caveiratech
24 Nov 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat actors leveraged the patched WSUS RCE (CVE-2025-59287) to drop ShadowPad, using a shell triggers log review for post-patch abuse. https://t.co/a88ydQxCKC #infosec #CVE2025-59287
@_UncleHacker_
24 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad riding in on your Windows updates? Attackers abused a WSUS bug (CVE-2025-59287) to drop malware and spy on networks. SMBs: patch WSUS now or risk data theft and quiet espionage. Details: https://t.co/PxrVGRkkMr #CyberSecurity #PatchManagement
@lowcountrycyber
24 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Technical Release Report: ShadowPad Delivered Through Active Exploitation of WSUS Critical Flaw #CVE-2025-59287 https://t.co/nJ9MPip9lt
@UndercodeNews
24 Nov 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of the ShadowPad attack exploiting CVE-2025-59287 on WSUS Cyber Warfare, ahnlab, apt, backdoor, china, ShadowPad, WSUS https://t.co/7D6fL6Jutu https://t.co/H0q7ld2AND
@matricedigitale
24 Nov 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Attackers are exploiting the critical WSUS flaw CVE-2025-59287 to gain SYSTEM-level remote code execution and deploy ShadowPad, a modular backdoor linked to Chinese state-sponsored actors. They use PowerCat for shell access, then download the payload with tools like htt
@H4ckmanac
24 Nov 2025
11841 Impressions
39 Retweets
105 Likes
39 Bookmarks
1 Reply
0 Quotes
ShadowPad malware is now being deployed through active exploitation of CVE-2025-59287 in WSUS. Attackers gain system-level access, use PowerCat for shells, then install ShadowPad via certutil/curl - all hidden through DLL side-loading. How prepared are orgs for attacks targeting
@TechNadu
24 Nov 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ShadowPad malware is actively exploiting the recently patched WSUS vulnerability CVE-2025-59287, enabling remote code execution and full system access via PowerShell tools. #ShadowPad #WSUSExploit #China https://t.co/Tf2DsFjwdA
@TweetThreatNews
24 Nov 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors are exploiting a critical WSUS vulnerability (CVE-2025-59287) to deploy ShadowPad malware and gain full system access on Windows Servers. Update now! ⚠️ https://t.co/pFNConOsqQ #ShadowPad #WSUSExploit #CyberAttack #CVE202559287 #MalwareAlert
@0xT3chn0m4nc3r
24 Nov 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Hackers exploited a recently patched security vulnerability in Windows Server Update Services (WSUS) to deploy malware known as ShadowPad. The attackers targeted Windows servers that support WSUS
@Cybercachear
24 Nov 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are using a fixed Windows bug (CVE-2025-59287) to spread ShadowPad malware through WSUS servers. They used normal Windows tools like curl and certutil to install it — a method seen before in Chinese hacking groups. Systems patched too late may have already been h
@TheHackersNews
24 Nov 2025
79667 Impressions
131 Retweets
354 Likes
96 Bookmarks
4 Replies
7 Quotes
We’ve released updated information on vulnerable product identification & threat detections to address CVE-2025-59287, a critical remote code execution vulnerability affecting Windows Server Update Service. Review our Alert & take immediate action. https://t.co/jhHeTB98
@GlobalSecHQ
23 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7200EF9B-2689-4E9E-BE9E-E00836A7D284",
"versionEndExcluding": "10.0.14393.8524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DDF9BE-8D0B-4027-B3F7-FFD96438E3EB",
"versionEndExcluding": "10.0.17763.7922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDAC36D7-54A0-456B-B176-17A0B9E63C7A",
"versionEndExcluding": "10.0.20348.4297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA85BFD-9802-452E-97B1-6380554EF254",
"versionEndExcluding": "10.0.25398.1916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5FFF5B-8745-47F6-A0B7-262AA43353BB",
"versionEndExcluding": "10.0.26100.6905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]