Oct 2025: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
CVE-2025-59287 Published on October 14, 2025

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Vendor Advisory NVD

Known Exploited Vulnerability

This Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.

The following remediation steps are recommended / required by November 14, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2025-59287 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2025-59287

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Windows Server 2019

Microsoft Windows Server 2022

Microsoft Windows Server 2025

Microsoft Windows Server 23h2

Microsoft Windows Server 2016

Microsoft Windows Server 2012

Microsoft Windows Server 2012 R2

Affected Versions

Microsoft Windows Server 2012:

Version 6.2.9200.0 and below 6.2.9200.25728 is affected.

Microsoft Windows Server 2012 (Server Core installation):

Version 6.2.9200.0 and below 6.2.9200.25728 is affected.

Microsoft Windows Server 2012 R2:

Version 6.3.9600.0 and below 6.3.9600.22826 is affected.

Microsoft Windows Server 2012 R2 (Server Core installation):

Version 6.3.9600.0 and below 6.3.9600.22826 is affected.

Microsoft Windows Server 2016:

Version 10.0.14393.0 and below 10.0.14393.8524 is affected.

Microsoft Windows Server 2016 (Server Core installation):

Version 10.0.14393.0 and below 10.0.14393.8524 is affected.

Microsoft Windows Server 2019:

Version 10.0.17763.0 and below 10.0.17763.7922 is affected.

Microsoft Windows Server 2019 (Server Core installation):

Version 10.0.17763.0 and below 10.0.17763.7922 is affected.

Microsoft Windows Server 2022:

Version 10.0.20348.0 and below 10.0.20348.4297 is affected.

Microsoft Windows Server 2022, 23H2 Edition (Server Core installation):

Version 10.0.25398.0 and below 10.0.25398.1916 is affected.

Microsoft Windows Server 2025:

Version 10.0.26100.0 and below 10.0.26100.6905 is affected.

Microsoft Windows Server 2025 (Server Core installation):

Version 10.0.26100.0 and below 10.0.26100.6905 is affected.

Exploit Probability

EPSS

71.41%

Percentile

98.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.