PT-2025-42147 · Microsoft · Windows Server Update Services +1

Published 2025-10-14 · Updated 2026-02-01 · CVE-2025-59287

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Windows Server Update Services (WSUS) versions prior to the October 2025 Patch Tuesday release.

Description
Windows Server Update Services (WSUS) contains a critical remote code execution vulnerability (CVE-2025-59287) caused by unsafe deserialization of untrusted data. It allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges. The vulnerability has been actively exploited in the wild, with attackers deploying malware such as ShadowPad and Skuld and using various tools and techniques, including PowerShell, to gain access and compromise systems. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog and is urging organizations to patch immediately.

Recommendations
Apply the latest security update released by Microsoft to address CVE-2025-59287. If patching is not immediately possible, consider disabling the WSUS role or restricting access to ports 8530 and 8531. Monitor WSUS server logs for suspicious activity and potential exploitation attempts.
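One way to act on the recommendations above on a WSUS host, as an added example that is not part of the original advisory or of Microsoft's guidance: the script reports whether the WSUS role is installed and what is listening on ports 8530 and 8531, and with `-Contain` adds a temporary inbound block rule. The rule name and the parameter names are assumptions chosen for this example.

```powershell
# Added example: WSUS exposure check and temporary containment for CVE-2025-59287.
# Run in an elevated PowerShell session on a Windows Server host.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int[]]$WsusPorts = @(8530, 8531),               # ports named in the recommendation
    [string]$RuleName = 'TEMP-Block-WSUS-Inbound',   # hypothetical rule name
    [switch]$Contain                                 # add the block rule when set
)

# 1. Is the WSUS role installed on this server at all?
$role = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
$roleInstalled = [bool]($role -and $role.Installed)

# 2. Is anything listening on the WSUS ports, and on which local addresses?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $WsusPorts `
        -ErrorAction SilentlyContinue)

# 3. Is the containment rule from a previous run already present?
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

# Emit one object per host so results can be collected across servers.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    WsusRoleInstalled = $roleInstalled
    ListeningOn       = ($listeners |
        ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" } |
        Sort-Object -Unique) -join ', '
    BlockRulePresent  = [bool]$rule
}

# 4. Optional containment: block inbound TCP to the WSUS ports on every profile.
#    Windows Firewall block rules take precedence over allow rules, so this
#    cuts off all clients, not only untrusted ones.
if ($Contain -and $roleInstalled -and -not $rule) {
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Block inbound TCP $($WsusPorts -join ',')")) {
        New-NetFirewallRule -DisplayName $RuleName `
            -Description 'Temporary containment until the CVE-2025-59287 update is installed' `
            -Direction Inbound -Protocol TCP -LocalPort $WsusPorts `
            -Action Block -Profile Any | Out-Null
        Write-Warning "Inbound WSUS traffic is blocked; clients cannot sync until '$RuleName' is removed."
    }
}
```

While the block rule is in place, clients cannot reach this WSUS server; once the security update is installed, remove the rule with `Remove-NetFirewallRule -DisplayName 'TEMP-Block-WSUS-Inbound'`.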

Exploit · Fix · LPE · RCE

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers

BDU:2025-12999
CVE-2025-59287

Affected Products

Windows
Windows Server Update Services