The Reveal Platform
Intel Name: Microsoft wsus remote code execution (cve-2025-59287) actively exploited in the wild
Date of Scan: October 28, 2025
Impact: High
Summary: In October 2025, a critical remote code execution (RCE) vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287 (CVSS 9.8), was discovered. The flaw allows unauthenticated remote attackers to execute code with system-level privileges on affected servers. Although Microsoft initially released a fix on October Patch Tuesday, the issue persisted, leading to an emergency out-of-band patch on October 23, 2025. Within hours, active exploitation was detected by researchers, prompting CISA to add the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog the next day. Organizations are urged to apply patches immediately or use Microsoft’s recommended temporary mitigations to reduce exposure.
