PT-2025-42147 · Microsoft · Windows Server Update Services, Windows

Published 2025-10-14 · Updated 2025-10-29 · CVE-2025-59287

CVSS v3.1 base score 9.8 · Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Server Update Services (WSUS) on Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 23H2.
Description: A critical remote code execution vulnerability exists in Windows Server Update Services (WSUS) due to unsafe deserialization of untrusted data. An unauthenticated attacker who can reach the WSUS service over the network can execute arbitrary code as SYSTEM with no user interaction. The flaw lies in how the WSUS service deserializes attacker-supplied AuthorizationCookie objects. The vulnerability is being actively exploited in the wild and proof-of-concept exploits are publicly available; several security firms have observed exploitation attempts, and CISA has added it to its Known Exploited Vulnerabilities catalog, which mandates patching for U.S. federal civilian agencies. Only servers with the WSUS Server role enabled are exposed.
Recommendations: Apply the security update Microsoft released for CVE-2025-59287 and reboot afterwards; the fix does not take effect until the server restarts. If patching is not immediately possible, temporarily disable (uninstall) the WSUS Server role, or at minimum block inbound TCP traffic to the WSUS ports (8530 and 8531 by default) at the host firewall, and keep that in place until the update is installed. Both workarounds stop the server from distributing updates to its clients, so plan for the gap. Because exploitation is ongoing, a server that was reachable from untrusted networks while unpatched should be reviewed for signs of compromise before it is trusted again.
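The triage and workaround steps above, as an added PowerShell example (not code from the advisory or from Microsoft): it reports whether the WSUS Server role is installed, what is listening on the WSUS ports, and which updates were installed on or after the publication date, and on request applies one of the two interim mitigations. The port numbers, the service name WsusService, the role feature name UpdateServices and the firewall rule names are assumptions about a default install; the post-publication hotfix check is a heuristic, not a verification that the specific fix is present.

```powershell
# Added example, not code from the PT advisory or from Microsoft.
# Triage and interim mitigation for CVE-2025-59287 on a single Windows Server host.
# Assumptions: run in an elevated PowerShell on the server itself; WSUS uses its
# default ports (8530 HTTP, 8531 HTTPS) unless -WsusPorts is overridden; the
# "installed after" date is the advisory's publication date and is only a heuristic,
# because this script does not know the KB number of the fix.
[CmdletBinding()]
param(
    [ValidateSet('Report', 'BlockPorts', 'RemoveRole')]
    [string]$Action = 'Report',
    [int[]]$WsusPorts = @(8530, 8531),
    [datetime]$PublishedOn = [datetime]'2025-10-14'
)

# 1. Is the WSUS Server role present at all? Hosts without it are not exposed.
$feature = Get-WindowsFeature -Name UpdateServices -ErrorAction Stop
if (-not $feature.Installed) {
    Write-Host 'WSUS Server role is not installed; nothing to mitigate on this host.'
    return
}
Write-Host 'WSUS Server role is installed.'

# 2. Service state and which processes are listening on the WSUS ports.
$svc = Get-Service -Name WsusService -ErrorAction SilentlyContinue
$state = if ($svc) { $svc.Status } else { 'service not found' }
Write-Host "WsusService state: $state"

Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $WsusPorts } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        Write-Host ('Listening on {0}:{1} (pid {2}, {3})' -f $_.LocalAddress, $_.LocalPort,
            $_.OwningProcess, $proc.ProcessName)
    }

# 3. Has anything been installed since the advisory came out? Heuristic only:
#    the authoritative check is the KB number in Microsoft's advisory.
$recent = Get-HotFix | Where-Object { $_.InstalledOn -ge $PublishedOn } |
    Sort-Object InstalledOn -Descending
if ($recent) {
    Write-Host "Updates installed on or after $($PublishedOn.ToShortDateString()):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize | Out-String | Write-Host
} else {
    Write-Warning "No updates installed since $($PublishedOn.ToShortDateString()); assume unpatched."
}

# 4. Interim mitigations, only on request. Either one stops this server from
#    serving updates to its clients until it is reverted.
switch ($Action) {
    'BlockPorts' {
        foreach ($port in $WsusPorts) {
            $name = "CVE-2025-59287 interim block TCP/$port"
            if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
                New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
                    -LocalPort $port -Action Block -Profile Any | Out-Null
                Write-Host "Added inbound block rule: $name"
            } else {
                Write-Host "Rule already present: $name"
            }
        }
        Write-Host 'After patching, remove the rules with: Remove-NetFirewallRule -DisplayName "CVE-2025-59287*"'
    }
    'RemoveRole' {
        # Heavier option from the advisory: drop the role entirely until patched.
        Uninstall-WindowsFeature -Name UpdateServices | Out-Null
        Write-Host 'WSUS Server role removed. Reboot, install the update, then reinstall the role when ready.'
    }
    default {
        Write-Host 'Report only. Re-run with -Action BlockPorts or -Action RemoveRole to mitigate.'
    }
}
```

Run it once with the default `-Action Report` to see exposure, then choose `BlockPorts` when downstream clients can tolerate a short outage or `RemoveRole` when the server can be taken out of service; in both cases the real fix remains installing the update and rebooting.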

Tags
Exploit · Fix · LPE · RCE

Weakness Enumeration
CWE-502 Deserialization of Untrusted Data

Related Identifiers
BDU:2025-12999
CVE-2025-59287

Affected Products
Windows
Windows Server Update Services