Описание
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-59287
- https://gist.github.com/hawktrace/880b54fb9c07ddb028baaae401bd3951
- https://hawktrace.com/blog/CVE-2025-59287
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
- https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287
Связанные уязвимости
CVSS3: 9.8
nvd
19 дней назад
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVSS3: 9.8
msrc
11 дней назад
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
CVSS3: 9.8
fstec
20 дней назад
Уязвимость сервера обновлений Windows Server Update Service (WSUS) операционных систем Windows, позволяющая нарушителю выполнить произвольный код