CVE-2025-59287

ENISA EUVD: EUVD-2025-34268 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 7 articles Published: 2025-10-14

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

69.07%

probability

This CVE has a 69.07% probability of being exploited in the next 30 days.

0% Top 98.7th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Proof-of-Concept

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Description

NVD

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Affected Products

Microsoft

Windows Server 2012

6.2.9200.0

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0

Microsoft

Windows Server 2012 R2

6.3.9600.0

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0

Microsoft

Windows Server 2016

10.0.14393.0

microsoft

windows server 2012

microsoft

windows server 2016

microsoft

windows server 2019

microsoft

windows server 2022

microsoft

windows server 2022 23h2

Microsoft

Windows Server 2012

6.2.9200.0 <6.2.9200.25722

Microsoft

Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 <10.0.25398.1913

Microsoft

Windows Server 2025

10.0.26100.0 <10.0.26100.6899

Microsoft

Windows Server 2016

10.0.14393.0 <10.0.14393.8519

Microsoft

Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 <10.0.25398.1916

Microsoft

Windows Server 2019

10.0.17763.0 <10.0.17763.7922

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 <6.3.9600.22826

Microsoft

Windows Server 2012 R2

6.3.9600.0 <6.3.9600.22826

Microsoft

Windows Server 2012

6.2.9200.0 <6.2.9200.25728

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0 <10.0.17763.7919

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0 <6.2.9200.25722

Microsoft

Windows Server 2025

10.0.26100.0 <10.0.26100.6905

Microsoft

Windows Server 2016 (Server Core installation)

10.0.14393.0 <10.0.14393.8519

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0 <6.2.9200.25728

Microsoft

Windows Server 2016 (Server Core installation)

10.0.14393.0 <10.0.14393.8524

Microsoft

Windows Server 2025 (Server Core installation)

10.0.26100.0 <10.0.26100.6905

Microsoft

Windows Server 2022

10.0.20348.0 <10.0.20348.4294

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0 <10.0.17763.7922

Microsoft

Windows Server 2016

10.0.14393.0 <10.0.14393.8524

Microsoft

Windows Server 2025 (Server Core installation)

10.0.26100.0 <10.0.26100.6899

Microsoft

Windows Server 2012 R2

6.3.9600.0 <6.3.9600.22824

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 <6.3.9600.22824

Microsoft

Windows Server 2022

10.0.20348.0 <10.0.20348.4297

Microsoft

Windows Server 2019

10.0.17763.0 <10.0.17763.7919

Attack Intelligence

CWE-502 · Deserialization of Untrusted Data CWE-664 · Improper Control of a Resource Through its Lifetime CWE-913 · Improper Control of Dynamically-Managed Code Resources

Exploits & PoC

M507/CVE-2025-59287-PoC

Unauthenticated RCE PoC in Microsoft Windows Server Update Service (WSUS) - CVE-2025-59287 & CVE-2023-35317

13 2025-12-10

LuemmelSec/CVE-2025-59287---WSUS-SCCM-RCE

2 2026-01-16

Twodimensionalitylevelcrossing817/CVE-2025-59287

1 2025-11-15

Adel-kaka-dz/cve-2025-59287

1 2025-11-21

gud425/gud425.github.io

CVE-2025-59287

0 2025-12-26

salman5230/CVE-2025-59287

🔍 Analyze WSUS deserialization behavior to enhance security, generate reports, and identify configuration weaknesses in your infrastructure.

0 2026-05-23

ross-ns/WSUS-CVE-2025-59287

0 2026-02-18

swoon69/CVE-2025-59287-Exercise-Use

0 2026-03-09

8 repos — triés par ⭐ Rechercher sur GitHub ↗

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287

vendor-advisory patch

Signal Intelligence

Confidenceⓘ

92%

EPSS 69.07%

CVSS v3.1 9.8

Mentions 7

Last Seen Nov 24, 2025

CNA Information

CNA Assigner

microsoft

CNA Title

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Analyst Note

CVE-2025-59287 shows clear zero-day indicators: Microsoft released an out-of-band patch on 2025-10-14, and multiple authoritative sources (TheHackerNews, BleepingComputer) explicitly document active exploitation in the wild occurring concurrently with patch availability. ShadowPad malware exploitation and CISA/NSA guidance further corroborate active attacks. The timing aligns with zero-day criteria (exploitation simultaneous with patch).