CVE-2025-59287— Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59287
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows Server 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows Server是美国微软(Microsoft)公司的一套服务器操作系统。 Microsoft Windows Server存在代码问题漏洞,该漏洞源于攻击者利用该漏洞可以远程执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Windows Server 2012 | 6.2.9200.0 ~ 6.2.9200.25728 | - | |
| Microsoft | Windows Server 2012 (Server Core installation) | 6.2.9200.0 ~ 6.2.9200.25728 | - | |
| Microsoft | Windows Server 2012 R2 | 6.3.9600.0 ~ 6.3.9600.22826 | - | |
| Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.9600.0 ~ 6.3.9600.22826 | - | |
| Microsoft | Windows Server 2016 | 10.0.14393.0 ~ 10.0.14393.8524 | - | |
| Microsoft | Windows Server 2016 (Server Core installation) | 10.0.14393.0 ~ 10.0.14393.8524 | - | |
| Microsoft | Windows Server 2019 | 10.0.17763.0 ~ 10.0.17763.7922 | - | |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.17763.0 ~ 10.0.17763.7922 | - | |
| Microsoft | Windows Server 2022 | 10.0.20348.0 ~ 10.0.20348.4297 | - | |
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) | 10.0.25398.0 ~ 10.0.25398.1916 | - | |
| Microsoft | Windows Server 2025 | 10.0.26100.0 ~ 10.0.26100.6905 | - | |
| Microsoft | Windows Server 2025 (Server Core installation) | 10.0.26100.0 ~ 10.0.26100.6905 | - |
II. Public POCs for CVE-2025-59287
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | PoC from hawktrace | https://github.com/keeganparr1/CVE-2025-59287-hawktrace | POC Details |
| 2 | WSUS Unauthenticated RCE | https://github.com/jiansiting/CVE-2025-59287 | POC Details |
| 3 | It is an Working exploit of new CVE found in WSUS. | https://github.com/garvitv14/CVE-2025-59287 | POC Details |
| 4 | Windows Server Update Service contains an insecure deserialization vulnerability caused by deserialization of untrusted data. An unauthorized attacker with network access can exploit this to execute arbitrary code remotely, potentially leading to full system compromise. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-59287.yaml | POC Details |
| 5 | PoC for CVE-2025-59287 | https://github.com/0xBruno/WSUSploit.NET | POC Details |
| 6 | Defensive PoC decoy for CVE-2025-59287 (WSUS) - emulates WSUS endpoints, captures request bodies and metadata, saves evidence for forensic analysis, and provides validation harness and detection rules. | https://github.com/Lupovis/Honeypot-for-CVE-2025-59287-WSUS | POC Details |
| 7 | CVE-2025-59287 | https://github.com/FurkanKAYAPINAR/CVE-2025-59287 | POC Details |
| 8 | powershell version of hawktrace POC exploit | https://github.com/tecxx/CVE-2025-59287-WSUS | POC Details |
| 9 | Module PowerShell de réponse à l'incident CVE-2025-59287 — WSUS Remote Code Execution (RCE) | https://github.com/RadzaRr/WSUSResponder | POC Details |
| 10 | Helps defenders find their WSUS configurations in the wake of CVE-2025-59287 | https://github.com/mubix/Find-WSUS | POC Details |
| 11 | CVE-2025-59287 is a critical RCE vulnerability in Windows Server Update Services (WSUS) caused by unsafe deserialization of untrusted data. It allows remote attackers to execute arbitrary code without authentication. Urgent patching is advised due to active exploitation. | https://github.com/mrk336/Breaking-the-Update-Chain-Inside-CVE-2025-59287-and-the-WSUS-RCE-Threat | POC Details |
| 12 | CVE-2025-59287 — Critical unauthenticated RCE in Windows Server Update Services (WSUS) via unsafe deserialization of an AuthorizationCookie, enabling SYSTEM-level compromise and active exploitation; patch or isolate WSUS (ports 8530/8531) immediately. | https://github.com/AdityaBhatt3010/CVE-2025-59287-When-your-patch-server-becomes-the-attack-vector | POC Details |
| 13 | Guía de respuesta rápida y script de auditoría para CVE-2025-59287 (RCE crítica en WSUS). | https://github.com/esteban11121/WSUS-RCE-Mitigation-59287 | POC Details |
| 14 | Verificacion de vulnerabilidad en WSUS | https://github.com/fsanzmoya/wsus_CVE-2025-59287 | POC Details |
| 15 | CVE-2025-59287 注入WolfShell内存马 | https://github.com/0x7556/CVE-2025-59287 | POC Details |
| 16 | This is an exploit script written in C# to aid gaining a reverse shell on targets with Windows Server Update Service(WSUS) CVE-2025-59287. We will deliver a reverse shell payload through encrypted SOAP req. | https://github.com/QurtiDev/WSUS-CVE-2025-59287-RCE | POC Details |
| 17 | WSUS vulnerability PoC | https://github.com/Sid6Effect/CVE-2025-59287 | POC Details |
| 18 | Exploitation proof-of-concept for CVE-2025-59287 - a critical vulnerability in the Windows Server Update Service (WSUS) caused by the deserialization of untrusted data. This flaw allows an unauthorized attacker to execute arbitrary code over a network, posing a significant security risk. | https://github.com/dexterm300/cve-2025-59287-exploit-poc | POC Details |
| 19 | WSUS vulnerability PoC | https://github.com/th1n0/CVE-2025-59287 | POC Details |
| 20 | None | https://github.com/Twodimensionalitylevelcrossing817/CVE-2025-59287 | POC Details |
| 21 | None | https://github.com/Adel-kaka-dz/cve-2025-59287 | POC Details |
| 22 | None | https://github.com/17patmaks/CVE-2025-59287-Sigma-Rule | POC Details |
| 23 | CVE-2025-59287 | https://github.com/gud425/gud425.github.io | POC Details |
| 24 | None | https://github.com/LuemmelSec/CVE-2025-59287---WSUS-SCCM-RCE | POC Details |
| 25 | CVE 2025 59287 | https://github.com/you-dream-1hall/CVE-2025-59287 | POC Details |
| 26 | 🔍 Analyze WSUS deserialization behavior to enhance security, generate reports, and identify configuration weaknesses in your infrastructure. | https://github.com/salman5230/CVE-2025-59287 | POC Details |
| 27 | None | https://github.com/ross-ns/WSUS-CVE-2025-59287 | POC Details |
| 28 | CVE 2025 59287 | https://github.com/vatslaaeytoygag/CVE-2025-59287 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59287
请登录查看更多情报信息。
Same Patch Batch · Microsoft · 2025-10-14 · 167 CVEs total
| CVE-2025-49708 | 9.9 CRITICAL | Microsoft Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-55315 | 9.9 CRITICAL | ASP.NET Security Feature Bypass Vulnerability |
| CVE-2025-59213 | 8.8 HIGH | Configuration Manager Elevation of Privilege Vulnerability |
| CVE-2025-58718 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-59295 | 8.8 HIGH | Windows URL Parsing Remote Code Execution Vulnerability |
| CVE-2025-59249 | 8.8 HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-59228 | 8.8 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-58716 | 8.8 HIGH | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2025-58715 | 8.8 HIGH | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2025-59237 | 8.8 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-53782 | 8.4 HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-59236 | 8.4 HIGH | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59292 | 8.2 HIGH | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2025-59291 | 8.2 HIGH | Confidential Azure Container Instances Elevation of Privilege Vulnerability |
| CVE-2025-59250 | 8.1 HIGH | JDBC Driver for SQL Server Spoofing Vulnerability |
| CVE-2025-59233 | 7.8 HIGH | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-55697 | 7.8 HIGH | Azure Local Elevation of Privilege Vulnerability |
| CVE-2025-59207 | 7.8 HIGH | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59231 | 7.8 HIGH | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-58714 | 7.8 HIGH | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
Showing top 20 of 167 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Windows Server 2012
- CVE-2026-27913
Windows BitLocker Security Feature Bypass Vulnerability - CVE-2026-27912
Windows Kerberos Elevation of Privilege Vulnerability - CVE-2026-26183
Remote Access Management service/API (RPC server) Elevation - CVE-2026-26154
Windows Server Update Service (WSUS) Tampering Vulnerability - CVE-2025-59188
Microsoft Failover Cluster Information Disclosure Vulnerabil
Same vendor: Microsoft
- CVE-2026-42826
Azure DevOps Information Disclosure Vulnerability - CVE-2026-35428
Azure Cloud Shell Spoofing Vulnerability - CVE-2026-35435
Azure AI Foundry Elevation of Privilege Vulnerability - CVE-2026-34327
Microsoft Partner Center Spoofing Vulnerability - CVE-2026-33844
Azure Managed Instance for Apache Cassandra Remote Code Exec
Same weakness: CWE-502
- CVE-2026-44126
Insecure deserialization - CVE-2026-5127
User Frontend: AI Powered Frontend Posting, User Directory, - CVE-2026-41586
ObjectInputStream.readObject() without ObjectInputFilter in - CVE-2026-34084
PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFac - CVE-2026-7712
MindsDB Pickle pickle.loads deserialization
V. Comments for CVE-2025-59287
No comments yet