CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)

CVE-2025-59287

Exploited

Windows Server - Windows Server Update Service

Microsoft | CVSS 9.8 | Updated March 13, 2026

Executive Risk Summary

"A deserialization of untrusted data vulnerability in Windows Server Update Service allows an unauthorized attacker to execute code over a network, potentially leading to a full system compromise. This vulnerability is considered critical and has been exploited in the wild, making it essential to apply patches as soon as possible."

Operational Audit Arsenal

Target Type: Service
Target Asset: Windows Server Update Service
Standard Path: %windir%\System32\wsus\wsusservice.exe
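PowerShell
# Audit: locate the WSUS service binary and report its product version
# Target: Windows Server Update Service (Service)
# -Include matches file names, so search for the binary named in Standard Path,
# not the service's display name.
$Targets = 'wsusservice.exe'
# Drop search roots that are unset or missing on this host
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}") |
    Where-Object { $_ -and (Test-Path $_) }

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -File -ErrorAction SilentlyContinue |
    Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}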

Patch Impact Forecast

Reboot Required: Likely

Windows Server Update Service

Internal Work Notes

Apply the patch for CVE-2025-59287 to remediate the remote code execution vulnerability in Windows Server Update Service.


Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.