Skip to main content

CVE-2025-59287 - Microsoft WSUS Remote Code Execution

Download With Dependencies

CVE-2025-59287 - Microsoft WSUS Remote Code Execution Response Playbook

Cortex XDR - CVE-2025-59287 - Microsoft WSUS Remote Code Execution

Vulnerability Overview

  • Vulnerability Name: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
  • CVE ID: CVE-2025-59287
  • CVSS Score: 9.8 (Critical)

An unauthenticated remote code execution (RCE) vulnerability has been identified in Microsoft Windows Server Update Services (WSUS).
Source: Unit42 - Palo Alto Networks

Mitigation and Recommendations

  • Apply Patch
  • Restrict Access to the vulnerable serves
  • Monitor for IoCs and suspicious traffic

Conclusion

CVE‑2025‑59287 is a critical, remotely exploitable vulnerability in WSUS that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges.

View official CVE details on NIST

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex
CreatedDecember 3, 2025
Last ReleaseDecember 3, 2025
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.