CVE-2025-59287

Confirmed PUBLISHED

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Microsoft · Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)

1 day faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical EPSS 100.0%

At a Glance

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

cisa nuclei_scanner windows microsoft
CVE Published
Oct 14, 2025
Exploitation Reported
Jun 01, 2026
CVSS
9.8 Critical
EPSS
100.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Microsoft
Windows Server 2012

6.2.9200.0 to < 6.2.9200.25728

Affected
Microsoft
Windows Server 2012 (Server Core installation)

6.2.9200.0 to < 6.2.9200.25728

Affected
Microsoft
Windows Server 2012 R2

6.3.9600.0 to < 6.3.9600.22826

Affected
Microsoft
Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 to < 6.3.9600.22826

Affected
Microsoft
Windows Server 2016

10.0.14393.0 to < 10.0.14393.8524

Affected
Microsoft
Windows Server 2016 (Server Core installation)

10.0.14393.0 to < 10.0.14393.8524

Affected
Microsoft
Windows Server 2019

10.0.17763.0 to < 10.0.17763.7922

Affected
Microsoft
Windows Server 2019 (Server Core installation)

10.0.17763.0 to < 10.0.17763.7922

Affected
Microsoft
Windows Server 2022

10.0.20348.0 to < 10.0.20348.4297

Affected
Microsoft
Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 to < 10.0.25398.1916

Affected
Microsoft
Windows Server 2025

10.0.26100.0 to < 10.0.26100.6905

Affected
Microsoft
Windows Server 2025 (Server Core installation)

10.0.26100.0 to < 10.0.26100.6905

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.