Vulnerability Details CVE-2025-59287
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.09
EPSS Ranking 92.3%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Ransomware Campaign
Unknown
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
- https://hawktrace.com/blog/CVE-2025-59287
- https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks/
- https://gist.github.com/hawktrace/880b54fb9c07ddb028baaae401bd3951
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287
Products affected by CVE-2025-59287
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_server_2016:-
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4467
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4886
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4946
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5066
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5125
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5192
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5246
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5291
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5356
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5427
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5501
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5582
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5648
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5717
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5850
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6085
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6167
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6351
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6452
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6614
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6796
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6897
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6981
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7070
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7259
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7336
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7428
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7515
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7606
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7699
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7876
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7969
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8066
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8148
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8246
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8330
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8416
-
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8422
-
cpe:2.3:o:microsoft:windows_server_2019:-
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.1999
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2452
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2565
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2803
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2928
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3046
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3165
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3287
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3406
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3532
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3650
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3770
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3887
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4010
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4252
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4645
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4737
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4851
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4974
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5122
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5329
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5458
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5576
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5696
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5820
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5936
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6054
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6189
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6293
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6414
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6532
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6659
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7009
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7314
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7434
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7558
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7678
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7783
-
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7792
-
cpe:2.3:o:microsoft:windows_server_2022:-
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1547
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1724
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1903
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2201
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2322
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2333
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2340
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2402
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2458
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2461
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2522
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2582
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.261
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2655
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2700
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2762
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2849
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.288
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2966
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.320
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3270
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3328
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3692
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.380
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3807
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3932
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3989
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.405
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.4052
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.407
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.4106
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.4161
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.4171
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.469
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.473
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.502
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.524
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.558
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.587
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.617
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.643
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.681
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.707
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.709
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.740
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.768
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.770
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.803
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.825
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.859
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.887
-
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.946
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:-
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1308
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1369
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1425
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1486
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1611
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1668
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1791
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1840
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1849
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.521
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.531
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.584
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.643
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.709
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887
-
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950
-
cpe:2.3:o:microsoft:windows_server_2025:-
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2033
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2314
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2605
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2894
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3107
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3194
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3403
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3476
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3775
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3781
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4061
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4066
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4349
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4652
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4656
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4851
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4946
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.6508
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.6563
-
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.6584