H-ISAC TLP White Threat Bulletin: POC Exploit Available for Critical WSUS Flaw CVE-2025-59287 - 10-24-2025

On October 23, 2025, Microsoft issued an out-of-band (OOB) security update for a critical-severity Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-59287, which impacts the Windows Server Update Services (WSUS) Server Role. This threat is now categorized as urgent due to the public release of proof-of-concept (PoC) exploit code.

The flaw, which has a CVSS score of 9.8, allows a remote, unauthorized threat actor to execute malicious code with SYSTEM privileges through a low-complexity attack requiring no user interaction. The attack vector involves sending a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism. As a result of exploitation, a threat actor can take control of the WSUS Server and distribute malicious updates across managed endpoints.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272