CVE-2025-59287 – is a critical, unauthenticated remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS) caused by unsafe deserialization of untrusted data in WSUS web services.

Affected :

WSUS Server Role on supported Windows Server releases (examples called out in vendor advisories: Windows Server 2012 / 2012 R2, 2016, 2019, 2022, and 2025) where the WSUS role is enabled and the server has not applied Microsoft’s October 2025 patch update. Systems without the WSUS role enabled are not vulnerable.

How attackers exploit this vulnerability (attack vector)

Remote, unauthenticated network attack – an attacker sends crafted HTTP requests to WSUS’s reporting /web endpoints (observed against default WSUS ports 8530/8531) that exploit unsafe deserialization to execute arbitrary code as SYSTEM on the WSUS server.

CERTVU recommend:

1. Immediate Patching - Apply Microsoft’s October 2025 security update.
2. If for some reasons you cannot block immediately:
   • Block/limit HTTP access to EBS (especially the Concurrent Processing / BI Publisher endpoints) at the network parameter – restrict to trusted Ips and VPN only.
   • 2. If for some reasons you cannot block immediately:
     • Remove/disable the WSUS Server Roles on hosts that do not need it
     • Block network access to WSUS management ports (TCP 8530 and 8531)