← Back

CVE-2025-59287

nvd nistnuclei
Published: Oct 14, 2025Modified: Nov 12, 2025CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: secure@microsoft.com (Secondary)

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Affected (7)

Microsoft
6 products
Windows Server 2012
Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server 2022 23h2
Windows Server 2025
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Windows Server 2012
All versions
Windows Server 2012
Version r2
Windows Server 2016
Before 10.0.14393.8524
Windows Server 2019
Before 10.0.17763.7922
Windows Server 2022
Before 10.0.20348.4297
Windows Server 2022 23h2
Before 10.0.25398.1916
Windows Server 2025
Before 10.0.26100.6905

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (7)

Source: secure@microsoft.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.