CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-59287

CVSS 9.8v3.1pub. 2025-10-14upd. 2025-11-12

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

🤖 AI Analysis
How it works

The WSUS service incorrectly processes untrusted data during deserialization (CWE-502). An attacker can send a crafted network payload that is deserialized by the vulnerable service without prior authentication. This results in arbitrary code execution in the context of the attacked server.

Impact

An unauthenticated attacker can remotely gain full control of the server — access confidential data, modify systems, or disrupt their operation (complete breach of confidentiality, integrity, and availability).

Mitigation & patch

Apply patches available from the vendor according to the references (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287). CISA mandated immediate patch deployment for U.S. federal agencies. Until updates are applied, it is recommended to restrict network access to WSUS interfaces to trusted hosts only.

Who is affected

Microsoft Windows Server 2012, Windows Server 2016, Windows Server 2022, Windows Server 2022 23H2, Windows Server 2025 — with the Windows Server Update Service (WSUS) role running.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows Server 2012

    OS
    Microsoft
    r2
  • Microsoft Windows Server 2016

    OS
    Microsoft
    < 10.0.14393.8524
  • Microsoft Windows Server 2019

    OS
    Microsoft
    < 10.0.17763.7922
  • Microsoft Windows Server 2022

    OS
    Microsoft
    < 10.0.20348.4297
  • Microsoft Windows Server 2022 23h2

    OS
    Microsoft
    < 10.0.25398.1916
  • Microsoft Windows Server 2025

    OS
    Microsoft
    < 10.0.26100.6905

CISA KEV — detailsi

Vendori
Microsoft
Producti
Windows
Added to KEVi
October 24, 2025
Remediation deadline (US Federal)i
November 14, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 14 listopada 2025
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...

CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...

CVE-2020-0646CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...

CVE-2017-8543CRITICAL9.8⚠ KEVten sam produkt

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...

CVE-2015-1635CRITICAL9.8⚠ KEVten sam produkt

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 20...