Technical details CVE-2025-59287 is an unsafe deserialization vulnerability in the WSUS reporting component. In short, WSUS accepts serialized data from a network request and deserializes it without performing sufficient validation. A specially crafted serialized payload can cause unexpected object instantiation during deserialization, which in turn can be abused to execute code inside the WSUS process.”¦
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/10/windows-server-update-service-wsus-remote-code-execution-vulnerability-cve-2025-59287/
