Attackers are exploiting the recently patched CVE-2025-59287 WSUS vulnerability to deploy infostealer malware on unpatched Windows servers. Multiple threat actors are actively targeting vulnerable systems for data exfiltration and credential harvesting. #CVE-2025-59287 #WSUS #Infostealer #WindowsServers #CyberThreats
Key points
- The CVE-2025-59287 vulnerability affects Windows Server Update Services, enabling remote code execution.
- Attackers are exploiting the flaw to exfiltrate data and install infostealer malware such as Skuld Stealer.
- Several organizations across industries, including universities and healthcare, have been targeted.
- The attack methods include unsafe deserialization via GetCookie() and SoapFormatter endpoints.
- Organizations should apply security updates, identify vulnerable servers, and monitor for unusual activity.
Read More: https://www.helpnetsecurity.com/2025/10/30/wsus-vulnerability-infostealer-cve-2025-59287/