Skip to content

jiansiting/CVE-2025-59287

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

In this study, we will examine a critical vulnerability (CVE-2025-59287) discovered in the Microsoft Windows Server Update Services (WSUS) environment. This vulnerability arises from the unsafe deserialization of AuthorizationCookie objects sent to the GetCookie() endpoint, where encrypted cookie data is decrypted using AES-128-CBC and subsequently deserialized through BinaryFormatter without proper type validation, enabling remote code execution with SYSTEM privileges.

This EXP requires obtaining the key of Wusu first. This key needs to be obtained through other attack methods. This point needs to be clarified.

About

WSUS Unauthenticated RCE

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages