Sign In

CVE-2025-59287

📊 9.8 CRITICAL9.4%🎯 0 exploits🏛️ KEV Listed
📅 Published Oct 14, 2025
📋 Status: Analyzed

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

🎯 Affected Products & Systems

7 product configurations affected

Filter by type:
💻
microsoft / windows server 2012
Operating System
Vulnerable
Version: All versions
CPE:
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
💻
microsoft / windows server 2012
Operating System
Vulnerable
Version: r2
CPE:
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
💻
microsoft / windows server 2016
Operating System
Vulnerable
Version: < 10.0.14393.8524
CPE:
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
💻
microsoft / windows server 2019
Operating System
Vulnerable
Version: < 10.0.17763.7922
CPE:
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
💻
microsoft / windows server 2022
Operating System
Vulnerable
Version: < 10.0.20348.4297
CPE:
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
💻
Vulnerable
Version: < 10.0.25398.1916
CPE:
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
💻
microsoft / windows server 2025
Operating System
Vulnerable
Version: < 10.0.26100.6905
CPE:
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
7 productsscroll for more
Metrics
9.8 CRITICALCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED

🔍 Technical Details

Analysis Status
Analyzed
CVSS Details
9.8 (CRITICAL)v3.1
Source: [email protected]
EPSS Details
9.4% (Minimal)92.4th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Oct 14, 2025 (17 days ago)
Last Modified
Oct 28, 2025 (3 days ago)
Security Weaknesses1
References5