Описание
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-59287
- https://gist.github.com/hawktrace/880b54fb9c07ddb028baaae401bd3951
- https://hawktrace.com/blog/CVE-2025-59287
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
- https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287
- https://www.vicarius.io/vsociety/posts/cve-2025-59287-detection-script-rce-vulnerability-in-windows-server-update-service
- https://www.vicarius.io/vsociety/posts/cve-2025-59287-mitigation-script-rce-vulnerability-in-windows-server-update-service
Связанные уязвимости
CVSS3: 9.8
nvd
6 месяцев назад
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVSS3: 9.8
msrc
5 месяцев назад
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
CVSS3: 9.8
fstec
6 месяцев назад
Уязвимость сервера обновлений Windows Server Update Service (WSUS) операционных систем Windows, позволяющая нарушителю выполнить произвольный код