CVE-2025-59287CISA KEV: Actively Exploited

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Published Oct 24, 2025·Updated Oct 24, 2025

Description

Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Public Exploits & PoCs24 found

PoC: CVE-2025-59287

WSUS Unauthenticated RCE

27

PoC: Find-WSUS

Helps defenders find their WSUS configurations in the wake of CVE-2025-59287

4

PoC: WSUS-CVE-2025-59287-RCE

This is an exploit script written in C# to aid gaining a reverse shell on targets with Windows Server Update Service(WSUS) CVE-2025-59287. We will deliver a reverse shell payload through encrypted SOAP req.

1

PoC: wsus_CVE-2025-59287

Verificacion de vulnerabilidad en WSUS

1

PoC: WSUS-RCE-Mitigation-59287

Guía de respuesta rápida y script de auditoría para CVE-2025-59287 (RCE crítica en WSUS).

1

PoC: CVE-2025-59287-When-your-patch-server-becomes-the-attack-vector

CVE-2025-59287 — Critical unauthenticated RCE in Windows Server Update Services (WSUS) via unsafe deserialization of an AuthorizationCookie, enabling SYSTEM-level compromise and active exploitation; patch or isolate WSUS (ports 8530/8531) immediately.

1

PoC: CVE-2025-59287-WSUS

powershell version of hawktrace POC exploit

1

PoC: Honeypot-for-CVE-2025-59287-WSUS

Defensive PoC decoy for CVE-2025-59287 (WSUS) - emulates WSUS endpoints, captures request bodies and metadata, saves evidence for forensic analysis, and provides validation harness and detection rules.

1

PoC: CVE-2025-59287

CVE 2025 59287

PoC: CVE-2025-59287

🔍 Analyze WSUS deserialization behavior to enhance security, generate reports, and identify configuration weaknesses in your infrastructure.

PoC: CVE-2025-59287

CVE 2025 59287

PoC: CVE-2025-59287

CVE 2025 59287

PoC: gud425.github.io

CVE-2025-59287

PoC: CVE-2025-59287

CVE-2025-59287 WSUS RCE Exploit

PoC: CVE-2025-59287

WSUS vulnerability PoC

PoC: cve-2025-59287-exploit-poc

Exploitation proof-of-concept for CVE-2025-59287 - a critical vulnerability in the Windows Server Update Service (WSUS) caused by the deserialization of untrusted data. This flaw allows an unauthorized attacker to execute arbitrary code over a network, posing a significant security risk.

PoC: CVE-2025-59287

WSUS vulnerability PoC

PoC: CVE-2025-59287

CVE-2025-59287 注入WolfShell内存马

PoC: Breaking-the-Update-Chain-Inside-CVE-2025-59287-and-the-WSUS-RCE-Threat

CVE-2025-59287 is a critical RCE vulnerability in Windows Server Update Services (WSUS) caused by unsafe deserialization of untrusted data. It allows remote attackers to execute arbitrary code without authentication. Urgent patching is advised due to active exploitation.

PoC: WSUSResponder

Module PowerShell de réponse à l'incident CVE-2025-59287 — WSUS Remote Code Execution (RCE)

PoC: CVE-2025-59287

CVE-2025-59287

PoC: WSUSploit.NET

PoC for CVE-2025-59287

PoC: CVE-2025-59287

It is an Working exploit of new CVE found in WSUS.

PoC: CVE-2025-59287-hawktrace

PoC from hawktrace

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free