CVE-2025-59287: Microsoft Windows Server Update Service (WSUS)

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability. Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

• CISA KEV-listed (remediation due 2025-11-14)
• EPSS 68.8% (98.6% percentile)

Detection rules

• Exploitation Activity of CVE-2025-59287 - WSUS Suspicious Child Process high
• Exploitation Activity of CVE-2025-59287 - WSUS Deserialization high
• DNS Query to External Service Interaction Domains high

Browse the CVE database

Read the full analysis on IntelFusions