Fixing and finding
Jump to remediation plan
CVE ID
CVE-2025-59287
Published 2025-10-14
Updated 6 months ago
Vendor/s
Microsoft
Product/s
Windows
Version/s
-
KEV Status
Active Exploitation
Listed in CISA's Known Exploited Vulnerabilities catalogue. Active
exploitation observed in the wild.
CVSS Score (v3.1)
9.8
/ 10
Critical
Severity Details
Base score
9.8 Critical
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Description
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CPE
Microsoft
| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| windows_server_2012 | - | - | vulnerable |
| windows_server_2012 | r2 | r2 | vulnerable |
| windows_server_2016 | * | 10.0.14393.8524 | vulnerable |
| windows_server_2019 | * | 10.0.17763.7922 | vulnerable |
| windows_server_2022 | * | 10.0.20348.4297 | vulnerable |
| windows_server_2022_23h2 | * | 10.0.25398.1916 | vulnerable |
| windows_server_2025 | * | 10.0.26100.6905 | vulnerable |
Related weakness (CWE)
CWE-502
Remediation plan
1
Apply official patches
Apply vendor patches immediately.
2
Update affected systems
Update to the latest patched version.
3
Restrict access
Restrict access to affected services.
4
Monitor for exploitation
Monitor for signs of exploitation.
Detection Guidance
Monitor network traffic for indicators of compromise.
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287 Vendor Advisory https://hawktrace.com/blog/CVE-2025-59287 Exploit Third Party Advisory https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks/ Press/Media Coverage https://www.vicarius.io/vsociety/posts/cve-2025-59287-detection-script-rce-vulnerability-in-windows-server-update-service Third Party Advisory https://www.vicarius.io/vsociety/posts/cve-2025-59287-mitigation-script-rce-vulnerability-in-windows-server-update-service Mitigation Third Party Advisory https://gist.github.com/hawktrace/880b54fb9c07ddb028baaae401bd3951 Third Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287 Third Party Advisory US Government Resource
Sources
NIST National Vulnerability Database (NVD)
CISA Known Exploited Vulnerabilities (KEV)