Actively exploited vulnerability

CVE-2025-59287: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

CISA KEV source 24 Oct 2025 added 14 Nov 2025 remediation due

Affected product

Microsoft · Windows

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2025-59287.

The Register28 Oct 2025

WSUS attacks hit 'multiple' orgs as Google and other infosec sleuths ring Redmond’s alarm bell

If at first you don’t succeed, patch and patch again More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, just days after Microsoft pushed an emergency patch and the US Cybersecurity and Infrastructure Security Agency added the bug to its Known Exploited Vulnerabilities catalog.…