9.8

CVE-2025-59287

Warnung
Medienbericht
Exploit

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows Server 2016 Version < 10.0.14393.8524
MicrosoftWindows Server 2019 Version < 10.0.17763.7922
MicrosoftWindows Server 2022 Version < 10.0.20348.4297
MicrosoftWindows Server 2022 23h2 Version < 10.0.25398.1916
MicrosoftWindows Server 2025 Version < 10.0.26100.6905
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

24.10.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Schwachstelle

Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.96% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
25.10.2025 09:15
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
24.10.2025 08:30
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
15.10.2025 09:43
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
15.10.2025 01:13
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
Vendor Advisory
https://gist.github.com/hawktrace/880b54fb9c07ddb028baaae401bd3951
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287
Third Party Advisory
US Government Resource
https://hawktrace.com/blog/CVE-2025-59287
Third Party Advisory
Exploit
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks/
Press/Media Coverage
https://www.vicarius.io/vsociety/posts/cve-2025-59287-detection-script-rce-vulnerability-in-windows-server-update-service
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-59287-mitigation-script-rce-vulnerability-in-windows-server-update-service
Third Party Advisory
Mitigation