msrc_cve-2025-59287
Vulnerability from csaf_microsoft
Published
2025-10-14 07:00
Modified
2025-10-24 07:00
Summary
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Notes

Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.



{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "\u003ca href=\"https://twitter.com/mwulftange\"\u003eMarkus Wulftange\u003c/a\u003e with \u003ca href=\"https://code-white.com/\"\u003eCODE WHITE GmbH\u003c/a\u003e"
        ]
      },
      {
        "names": [
          "MEOW"
        ]
      },
      {
        "names": [
          "f7d8c52bec79e42795cf15888b85cbad"
        ]
      },
      {
        "names": [
          "MEOW"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287"
      },
      {
        "category": "self",
        "summary": "CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-59287.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Windows Server Update Service (WSUS) Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2025-10-24T07:00:00.000Z",
      "generator": {
        "date": "2025-10-24T14:05:47.973Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-59287",
      "initial_release_date": "2025-10-14T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-14T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-10-23T07:00:00.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "To comprehensively address CVE-2025-59287, Microsoft has released an out of band security update for the following supported versions of Windows Server: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), and Windows Server 2025. Note that a reboot will be required after you install the updates."
        },
        {
          "date": "2025-10-24T07:00:00.000Z",
          "legacy_version": "2.1",
          "number": "3",
          "summary": "Updated links to security updates.  This is an informational change only."
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.17763.7922",
            "product": {
              "name": "Windows Server 2019 \u003c10.0.17763.7922",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.17763.7922",
            "product": {
              "name": "Windows Server 2019 10.0.17763.7922",
              "product_id": "11571"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2019"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.17763.7922",
            "product": {
              "name": "Windows Server 2019 (Server Core installation) \u003c10.0.17763.7922",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.17763.7922",
            "product": {
              "name": "Windows Server 2019 (Server Core installation) 10.0.17763.7922",
              "product_id": "11572"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2019 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.20348.4297",
            "product": {
              "name": "Windows Server 2022 \u003c10.0.20348.4297",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.20348.4297",
            "product": {
              "name": "Windows Server 2022 10.0.20348.4297",
              "product_id": "11923"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.20348.4297",
            "product": {
              "name": "Windows Server 2022 (Server Core installation) \u003c10.0.20348.4297",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.20348.4297",
            "product": {
              "name": "Windows Server 2022 (Server Core installation) 10.0.20348.4297",
              "product_id": "11924"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.6905",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) \u003c10.0.26100.6905",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.6905",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) 10.0.26100.6905",
              "product_id": "12437"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.25398.1916",
            "product": {
              "name": "Windows Server 2022, 23H2 Edition (Server Core installation) \u003c10.0.25398.1916",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.25398.1916",
            "product": {
              "name": "Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.1916",
              "product_id": "12244"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022, 23H2 Edition (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.6905",
            "product": {
              "name": "Windows Server 2025 \u003c10.0.26100.6905",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.6905",
            "product": {
              "name": "Windows Server 2025 10.0.26100.6905",
              "product_id": "12436"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.14393.8524",
            "product": {
              "name": "Windows Server 2016 \u003c10.0.14393.8524",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.14393.8524",
            "product": {
              "name": "Windows Server 2016 10.0.14393.8524",
              "product_id": "10816"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2016"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.14393.8524",
            "product": {
              "name": "Windows Server 2016 (Server Core installation) \u003c10.0.14393.8524",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.14393.8524",
            "product": {
              "name": "Windows Server 2016 (Server Core installation) 10.0.14393.8524",
              "product_id": "10855"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2016 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c6.2.9200.25728",
            "product": {
              "name": "Windows Server 2012 \u003c6.2.9200.25728",
              "product_id": "13"
            }
          },
          {
            "category": "product_version",
            "name": "6.2.9200.25728",
            "product": {
              "name": "Windows Server 2012 6.2.9200.25728",
              "product_id": "10378"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2012"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c6.2.9200.25728",
            "product": {
              "name": "Windows Server 2012 (Server Core installation) \u003c6.2.9200.25728",
              "product_id": "12"
            }
          },
          {
            "category": "product_version",
            "name": "6.2.9200.25728",
            "product": {
              "name": "Windows Server 2012 (Server Core installation) 6.2.9200.25728",
              "product_id": "10379"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2012 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c6.3.9600.22826",
            "product": {
              "name": "Windows Server 2012 R2 \u003c6.3.9600.22826",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "6.3.9600.22826",
            "product": {
              "name": "Windows Server 2012 R2 6.3.9600.22826",
              "product_id": "10483"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2012 R2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c6.3.9600.22826",
            "product": {
              "name": "Windows Server 2012 R2 (Server Core installation) \u003c6.3.9600.22826",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "6.3.9600.22826",
            "product": {
              "name": "Windows Server 2012 R2 (Server Core installation) 6.3.9600.22826",
              "product_id": "10543"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2012 R2 (Server Core installation)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59287",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.",
          "title": "How could an attacker exploit this vulnerability?"
        },
        {
          "category": "faq",
          "text": "To fully address this vulnerability, Windows Server customers should install the out-of-band update released on October 23, 2025. If you cannot install the update immediately see the Workaround section for actions you can take to be protected.",
          "title": "What actions do I need to take to be protected from this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Yes. After you install the update you will need to reboot your system.",
          "title": "Will the out-of-band update released on October 23, 2025 require a Windows server reboot?"
        },
        {
          "category": "faq",
          "text": "The update is available through the following channels:\n- For customers who automatically install updates, this update will be downloaded and installed automatically from Windows Update and Microsoft Update.\n- The standalone package for this update is available on the Microsoft Update Catalog website.\n- This update will automatically sync with Windows Server Update Services (WSUS).",
          "title": "How do I get the October 23, 2025 out of band security update?"
        },
        {
          "category": "faq",
          "text": "Microsoft has updated the Exploit Code Maturity metric of the CVSS Temporal score from Unproven (U) to Proof-of-Concept (P) after confirming the availability of publicly disclosed PoC code for this CVE.",
          "title": "Why did the Temporal CVSS score change?"
        },
        {
          "category": "faq",
          "text": "Yes. An updates scan file will be available at the time of, or shortly after, the release.",
          "title": "Will an updated Windows Update offline scan file, Wsusscn2.cab, with this new security update be available?"
        }
      ],
      "product_status": {
        "fixed": [
          "10378",
          "10379",
          "10483",
          "10543",
          "10816",
          "10855",
          "11571",
          "11572",
          "11923",
          "11924",
          "12244",
          "12436",
          "12437"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287"
        },
        {
          "category": "self",
          "summary": "CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-59287.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-14T07:00:00.000Z",
          "details": "10.0.17763.7922:Security Update:https://support.microsoft.com/help/5070883",
          "product_ids": [
            "7",
            "6"
          ],
          "url": "https://support.microsoft.com/help/5070883"
        },
        {
          "category": "vendor_fix",
          "date": "2025-10-14T07:00:00.000Z",
          "details": "10.0.20348.4297:Security Update:https://support.microsoft.com/help/5070884",
          "product_ids": [
            "5",
            "4"
          ],
          "url": "https://support.microsoft.com/help/5070884"
        },
        {
          "category": "vendor_fix",
          "date": "2025-10-14T07:00:00.000Z",
          "details": "10.0.26100.6905:Security Update:https://support.microsoft.com/help/5070881",
          "product_ids": [
            "1",
            "2"
          ],
          "url": "https://support.microsoft.com/help/5070881"
        },
        {
          "category": "vendor_fix",
          "date": "2025-10-14T07:00:00.000Z",
          "details": "10.0.25398.1916:Security Update:https://support.microsoft.com/help/5070879",
          "product_ids": [
            "3"
          ],
          "url": "https://support.microsoft.com/help/5070879"
        },
        {
          "category": "vendor_fix",
          "date": "2025-10-14T07:00:00.000Z",
          "details": "10.0.14393.8524:Security Update:https://support.microsoft.com/help/5070882",
          "product_ids": [
            "9",
            "8"
          ],
          "url": "https://support.microsoft.com/help/5070882"
        },
        {
          "category": "vendor_fix",
          "date": "2025-10-14T07:00:00.000Z",
          "details": "6.2.9200.25728:Security Update:https://support.microsoft.com/help/5070887",
          "product_ids": [
            "13",
            "12"
          ],
          "url": "https://support.microsoft.com/help/5070887"
        },
        {
          "category": "vendor_fix",
          "date": "2025-10-14T07:00:00.000Z",
          "details": "6.3.9600.22826:Security Update:https://support.microsoft.com/help/5070886",
          "product_ids": [
            "11",
            "10"
          ],
          "url": "https://support.microsoft.com/help/5070886"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"
        }
      ],
      "title": "Windows Server Update Service (WSUS) Remote Code Execution Vulnerability"
    }
  ]
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

