Overview

  • Microsoft
  • Windows Server 2019

Published: 14 Oct 2025
Updated: 25 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 9.02%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 29 Posts
  • 18 Interactions

Last activity: 1 hour ago

Fediverse

So about the WSUS vuln.

Looking at the stack trace in this writeup: is the structure of Microsoft.UpdateServices.Internal.SoapUtilities.DeserializeObject unique to WSUS? Or could other DeserializeObject functions in MS web services have a similar issue?

research.eye.security/wsus-des

Shout-out to the original Hawktrace writeup (with PoC): hawktrace.com/blog/CVE-2025-59

Windows Server vulnerability (CVE-2025-59287): Microsoft redistributes the fix patch. CISA also issues a warning as attacks intensify yayafa.com/2596434/ #autonews #HeadlineNews #SCIENCE #Science&Technology #Technology #サイバーセキュリティニュース #テクノロジー #科学 #科学&テクノロジー

Threat actors are exploiting a critical vulnerability in Windows Server Update Services, which highlights the urgent need to apply patches. The risks that artificial intelligence poses to our networks are also discussed, and tools such as watchTowr are offered to strengthen cybersecurity. Discover these and more details in the following list of computer security news:

🗞️ LATEST NEWS IN COMPUTER SECURITY 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 25/10/25 📆 |====

🔒 EXPLOITATION OF WSUS VULNERABILITY (CVE-2025-59287)
Threat actors are taking advantage of a critical vulnerability in Microsoft Windows Server Update Services (WSUS). This situation underscores the urgency of applying patches and staying alert to possible unauthorized access. Find out how to protect your infrastructure! 👉 djar.co/9trdUO

🔍 CRITICAL ALERT ON WSUS (CVE-2025-59287)
Recently, an alert was issued about vulnerabilities in the affected services of Windows Server Update Services, which could compromise the security of numerous organizations. Discover the implications and the measures to take to mitigate this risk. 👉 djar.co/HAnUD

🛡️ PREEMPTIVE EXPOSURE MANAGEMENT WITH WATCHTOWR
The watchTowr platform helps organizations identify their current weak points, providing a clear view for implementing an effective defense. Knowing these exposures is crucial to strengthening your cybersecurity. Learn more here 👉 djar.co/cxehIu

⚠️ IS AI FASTER THAN YOUR SECURITY NETWORK?
Artificial intelligence tools, which promise to improve our efficiency, can also internalize significant risks. This analysis discusses how these technological advances could be overwhelming the capabilities of our security networks. Don't miss it! 👉 djar.co/AHA5

🔍 NETWORK SECURITY MONITORING
Learn the key aspects of network security monitoring: from the importance of watching the perimeters to how to analyze suspicious traffic and logs in order to detect imminent attacks. Increase your knowledge and implement best practices. 👉 djar.co/0BgeyA

🔑 SIDE-CHANNEL ATTACKS ON ARM PROCESSORS
Researchers have explored techniques for extracting AES encryption keys from high-performance ARM processors, revealing both the successes and the obstacles encountered. This information could be vital for understanding and strengthening security in modern hardware. Learn more about their findings 👉 djar.co/3B3g

🚨 CRITICAL: Microsoft issues out-of-band patch for actively exploited RCE in WSUS (CVE-2025-59287). All supported Windows Server versions with WSUS impacted. Patch & reboot ASAP, or block ports 8530/8531 if you can't patch yet. radar.offseq.com/threat/micros

🚨 CRITICAL: CVE-2025-59287 in Windows Server WSUS is actively exploited — remote, unauthenticated code execution possible! No patch yet. Segment WSUS, restrict access, monitor for exploits. Stay alert. radar.offseq.com/threat/critic

🚨 CRITICAL: Microsoft issues out-of-band patch for WSUS vulnerability (CVE-2025-59287) under active exploitation. All Windows Server admins must patch ASAP. Audit WSUS logs, segment networks, and verify update integrity. More info: radar.offseq.com/threat/micros

Critical RCE in Microsoft WSUS actively exploited. CISA warns: imminent risk

A global alert has been issued by the US Cybersecurity and Infrastructure Security Agency (CISA) regarding the active exploitation of a critical remote code execution (RCE) flaw in Microsoft's Windows Server Update Services (WSUS), addressed to all organizations worldwide.

The vulnerability, tracked as CVE-2025-59287, has a CVSS score of 9.8 and allows unauthenticated attackers to execute code with administrator rights inside a network, thereby threatening organizations.

The security flaw, which originates from deserialization within WSUS, was partially fixed by Microsoft's October monthly patch; however, an out-of-band update published on 23 October 2025 became necessary because the initial fix was insufficient.

Microsoft and CISA urge urgent action to counter the threat. To begin, identify at-risk servers by scanning for those with the WSUS role enabled and ports 8530/8531 open. Apply the 23 October out-of-band patch immediately, then reboot to ensure complete mitigation. Delaying this operation could expose networks to unauthenticated RCE.

For those who cannot apply the patch right away, temporary workarounds include disabling the WSUS role or blocking inbound traffic to the affected ports on the host firewall; these actions must not be reverted until the update is installed.

A few days earlier, researcher Batuhan Er of HawkTrace had released proof-of-concept (PoC) exploits that accelerated malicious activity, allowing attackers to target WSUS servers running under a SYSTEM account.

Dutch security company Eye Security identified the first attempts to exploit the vulnerability at 06:55 UTC on 24 October 2025, using a Base64-encoded .NET payload.

This payload was designed to evade logging by executing commands carried in a custom request header named “aaaa”. The threat, according to security firms, is growing rapidly, with reports of real-world attacks as early as 24 October 2025.

CISA has also added CVE-2025-59287 to its Known Exploited Vulnerabilities (KEV) catalog and requires federal agencies to remediate the vulnerability by 14 November 2025, a date that underscores the easy exploitability and low complexity of the exploit, which requires no user interaction or authentication.

Companies that use WSUS for centralized update management are exposed to considerable risk, since a successful breach could allow attackers to distribute malicious updates to all connected devices.

The vulnerability exploits a legacy serialization mechanism in the GetCookie() endpoint, in which encrypted AuthorizationCookie objects are decrypted with AES-128-CBC and deserialized with BinaryFormatter without type validation, opening the door to complete control of the system.

The article "Critical RCE in Microsoft WSUS actively exploited. CISA warns: imminent risk" comes from Red Hot Cyber.

There you go… 💥 the danger of this vulnerability confirmed by @GossiTheDog
👇
cyberplace.social/@GossiTheDog

He also raises the possibility of an attack by sending a malicious update scheduled for later.

...and indeed WSUS instances are visible on the Internet

⚠️ Active exploitation reported by Huntress:

"Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (CVE-2025-59287)"
👇
huntress.com/blog/exploitation

Bluesky

The WSUS Worm: How a Single Unpatched Server Can Cripple Your Entire Network Introduction: A critical, wormable vulnerability in Windows Server Update Services (CVE-2025-59287) threatens enterprise networks globally. This remote code execution flaw allows unauthenticated attackers to take complete…
The latest update for #ArcticWolf includes "Microsoft Releases Emergency Patch for Exploited Critical Remote Code Execution Vulnerability (CVE-2025-59287)" and "The Role of Tabletop Exercises in IR Planning". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
The WSUS Wake-Up Call: How a Single Unpatched Vulnerability Is Putting Entire Enterprises at Risk Introduction: A critical vulnerability in Microsoft's Windows Server Update Services (WSUS), designated CVE-2025-59287, is being actively exploited by threat actors. This flaw in a core service…
~Cisa~ Microsoft released an out-of-band patch for a critical, known exploited RCE vulnerability (CVE-2025-59287) in Windows Server Update Service. - IOCs: CVE-2025-59287 - #CVE202559287 #ThreatIntel #WSUS
CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability scq.ms/48MigXI #cybersecurity #SecQube
📢 Active exploitation of an RCE vulnerability in WSUS (CVE-2025-59287) 📝 Source: Huntress — The post details the active exploitation of the vulnerability **CVE-… https://cyberveille.ch/posts/2025-10-25-exploitation-active-dune-vulnerabilite-rce-dans-wsus-cve-2025-59287/ #CVE_2025_59287 #Cyberveille
Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (CVE-2025-59287)
Remote code execution vulnerability in WSUS. Severity is Critical. MS urgently releases a fix update. KB5070881 and others. All Windows Server versions affected. Addresses CVE-2025-59287 | ニッチなPCゲーマーの環境構築Z https://www.nichepcgamer.com/archives/fixed-wsus-remote-code-execution-vulnerability-cve-2025-59287.html
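Windows Server vulnerability (CVE-2025-59287): Microsoft redistributes the fix patch. CISA also issues a warning as attacks intensify https://www.yayafa.com/2596434/ On 25 October 2025, Microsoft released an emergency out-of-band update for the vulnerability CVE-2025-59287 in Windows Server Update Service (WSUS). これは、同月提供の月 [...]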
📌 Microsoft Issues Emergency Patch for Actively Exploited WSUS Vulnerability (CVE-2025-59287) https://www.cyberhub.blog/article/14803-microsoft-issues-emergency-patch-for-actively-exploited-wsus-vulnerability-cve-2025-59287
CRITICAL ALERT: Windows Server WSUS Flaw Actively Exploited (CVE-2025-59287, CVSS 9.8)
~Cisa~ CISA added two actively exploited vulnerabilities, CVE-2025-54236 (Adobe) and CVE-2025-59287 (MS WSUS), to its KEV catalog. - IOCs: CVE-2025-54236, CVE-2025-59287 - #CISA #KEV #ThreatIntel
CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Overview

  • astral-sh
  • tokio-tar

Published: 21 Oct 2025
Updated: 22 Oct 2025

CVSS v3.1: HIGH (8.1)
EPSS: 0.02%

KEV

Description

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.

Statistics

  • 3 Posts
  • 4 Interactions

Last activity: 1 hour ago

Fediverse

⚠️ TARmageddon flaw in abandoned Rust library enables RCE attacks

「 Tracked as CVE-2025-62518, this logic flaw results from a desynchronization issue that allows unauthenticated attackers to inject additional archive entries during TAR file extraction 」

bleepingcomputer.com/news/secu

#rust #rce #exploit #cybersecurity

🚨TARmageddon: High Profile Security Vulnerability In Popular Rust Library

CVE: CVE-2025-62518

CVSS: 8.1

GitHub: github.com/edera-dev/cve-tarma

Write-up: edera.dev/stories/tarmageddon

Bluesky

[release-25.05] zed-editor: fix CVE-2025-62518 https://github.com/NixOS/nixpkgs/pull/455479 #security

Overview

  • Microsoft
  • Internet Explorer 9

Published: 23 Sep 2019
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 89.17%

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

Published: 10 Dec 2021
Updated: 21 Oct 2025

CVSS: Pending
EPSS: 94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

Reproducing Log4Shell (CVE-2021-44228) locally - a complete Docker verification environment #Security - Qiita https://qiita.com/keitah/items/fe39125979b899220bab

Overview

  • Dell
  • Dell Storage Manager

Published: 24 Oct 2025
Updated: 25 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.17%

KEV

Description

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🚨 CVE-2025-43995: CRITICAL improper authentication in Dell Storage Manager v20.1.21 lets remote attackers bypass protections via special SessionKey/UserId. Restrict access, monitor APIs, and await patch. radar.offseq.com/threat/cve-20

Overview

  • Adobe
  • Adobe Commerce

Published: 09 Sep 2025
Updated: 24 Oct 2025

CVSS v3.1: CRITICAL (9.1)
EPSS: 38.51%

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Bluesky

~Cisa~ CISA added two actively exploited vulnerabilities, CVE-2025-54236 (Adobe) and CVE-2025-59287 (MS WSUS), to its KEV catalog. - IOCs: CVE-2025-54236, CVE-2025-59287 - #CISA #KEV #ThreatIntel
CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Overview

  • Studio Fabryka
  • DobryCMS

Published: 24 Oct 2025
Updated: 24 Oct 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.03%

KEV

Description

A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🚨 CVE-2025-8536: CRITICAL SQL injection in older DobryCMS versions. Remote, unauthenticated attackers can fully compromise backend databases. Patch unavailable — upgrade or apply strict mitigations now! radar.offseq.com/threat/cve-20

Overview

  • Pending

Published: 24 Oct 2025
Updated: 24 Oct 2025

CVSS: Pending
EPSS: 0.04%

KEV

Description

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨 CRITICAL: CVE-2025-60553 impacts D-Link DIR600L Ax (FW116WWb01). Buffer overflow in WAN setup (curTime param) allows remote code execution. No patch — restrict WAN access & monitor traffic! radar.offseq.com/threat/cve-20

Overview

  • Pending

Published: 24 Oct 2025
Updated: 24 Oct 2025

CVSS: Pending
EPSS: 0.25%

KEV

Description

Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚨 CVE-2025-60803: CRITICAL RCE in Antabot White-Jotter (≤ commit 9bcadc). Unauthenticated attackers can exploit /api/aaa;/../register to execute code. No patch—restrict access & monitor closely. Details: radar.offseq.com/threat/cve-20

Overview

  • Linux
  • Linux

Published: 26 Feb 2025
Updated: 04 May 2025

CVSS: Pending
EPSS: 0.04%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/selftests: fix subtraction overflow bug

On some machines hole_end can be small enough to cause subtraction overflow. On the other side (addr + 2 * min_alignment) can overflow in case of mock tests. This patch should handle both cases.

(cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2)

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

CVE-2022-49635 drm/i915/selftests: fix subtraction overflow bug scq.ms/4oseXta #cybersecurity #SecQube