Exploitation activity of cve-2025-59287 – wsus suspicious child process

Intel Name: Exploitation activity of cve-2025-59287 – wsus suspicious child process

Date of Scan: November 3, 2025

Impact: Medium

Summary:
Monitors for instances where command-line interpreters like cmd.exe or powershell.exe are spawned as child processes of the WSUS service (wsusservice.exe). This behavior strongly indicates potential exploitation of a critical remote code execution vulnerability, such as CVE-2025-59287, where attackers may launch shells to perform reconnaissance or additional malicious actions.

More Details