2025-040: Critical Vulnerability in Windows Server Update Service (WSUS)
ID: f57f34f1-a70f-556b-91f8-8594a94359cf
STIX ID: report--f57f34f1-a70f-556b-91f8-8594a94359cf
Feed Name: CERT-EU Security Advisories
Microsoft released an out-of-band update on 23 October 2025 to address CVE-2025-59287, a critical (CVSS 9.8) unsafe deserialization vulnerability in Windows Server that, when the WSUS role is enabled, permits remote unauthenticated code execution as SYSTEM. A public proof-of-concept is available and multiple Windows Server versions are impacted, so immediate patching is recommended.
