Vulnerability Database
299,038
Total vulnerabilities in the database
CVE-2025-59287
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
| Software | From | Fixed in |
|---|---|---|
| microsoft / windows_server_2012 | r2 | r2.x |
| microsoft / windows_server_2016 | - | 10.0.14393.8524 |
| microsoft / windows_server_2019 | - | 10.0.17763.7922 |
| microsoft / windows_server_2022 | - | 10.0.20348.4297 |
| microsoft / windows_server_2022_23h2 | - | 10.0.25398.1916 |
| microsoft / windows_server_2025 | - | 10.0.26100.6905 |
- https://gist.github.com/hawktrace/880b54fb9c07ddb028baaae401bd3951
- https://hawktrace.com/blog/CVE-2025-59287
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
- https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime