CVE-2025-59287 PoC — Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Source
Associated Vulnerability
Title: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287)
Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Description
WSUS Unauthenticated RCE
Readme
In this study, we will examine a critical vulnerability (CVE-2025-59287) discovered in the Microsoft Windows Server Update Services (WSUS) environment. This vulnerability arises from the unsafe deserialization of AuthorizationCookie objects sent to the GetCookie() endpoint, where encrypted cookie data is decrypted using AES-128-CBC and subsequently deserialized through BinaryFormatter without proper type validation, enabling remote code execution with SYSTEM privileges.

Note that this exploit first requires the WSUS key, which must be obtained through other attack methods.
File Snapshot

[4.0K] /data/pocs/ccfe7c64debb08f042dd5c58009e2ec36a67de49
├── [4.9K] cve-2025-59287-encrypt.py
├── [ 12K] cve-2025-59287-exp.py
└── [ 621] README.md

1 directory, 3 files