CVE-2025-59287CRITICAL 9.8CISA KEVEPSS p100.0%
CVE-2025-59287Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Microsoft / Windows
Description
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Scoring
| CVSS 3.1 | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 99.96% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z |
| Published | 2025-10-14 |
| Last modified | 2025-11-12 |
CISA KEV entry
Added to KEV: 2025-10-24
Underlying weaknesses· 1
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
- https://hawktrace.com/blog/CVE-2025-59287
- https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks/
- https://www.vicarius.io/vsociety/posts/cve-2025-59287-detection-script-rce-vulnerability-in-windows-server-update-service
- https://www.vicarius.io/vsociety/posts/cve-2025-59287-mitigation-script-rce-vulnerability-in-windows-server-update-service
- https://gist.github.com/hawktrace/880b54fb9c07ddb028baaae401bd3951
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Deserialization of Untrusted Datacwe-502 | 0% | live |
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerabilitykev-cve-2025-59287 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.