CVE-2025-59287 - Microsoft WSUS Remote Code Execution v1.0.0

CVE-2025-59287 - Microsoft WSUS Remote Code Execution Response Playbook

Author:
Cortex XSOAR
Support:
xsoar
URL:
https://www.paloaltonetworks.com/cortex
Case Management

README

Cortex XDR - CVE-2025-59287 - Microsoft WSUS Remote Code Execution

Vulnerability Overview

  • Vulnerability Name: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
  • CVE ID: CVE-2025-59287
  • CVSS Score: 9.8 (Critical)

An unauthenticated remote code execution (RCE) vulnerability has been identified in Microsoft Windows Server Update Services (WSUS).
Source: Unit42 - Palo Alto Networks

Mitigation and Recommendations

  • Apply Patch
  • Restrict Access to the vulnerable serves
  • Monitor for IoCs and suspicious traffic

Conclusion

CVE‑2025‑59287 is a critical, remotely exploitable vulnerability in WSUS that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges.

View official CVE details on NIST