CVE-2023-35317

HIGH

Windows Server 2012, 2016, 2019, 2022 - Elevation of Privilege via WSUS Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-35317. PoCs published by M507.

AI-analyzed exploit summary This PoC exploits CVE-2025-59287, a deserialization vulnerability in Microsoft Windows Update Service (WSUS). It demonstrates unauthorized remote code execution by leveraging SOAP-based authentication bypass and crafted payloads.

Description

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 7 stars

by M507 · poc

https://github.com/M507/CVE-2025-59287-PoC

View Code ZIP pw:eip

This PoC exploits CVE-2025-59287, a deserialization vulnerability in Microsoft Windows Update Service (WSUS). It demonstrates unauthorized remote code execution by leveraging SOAP-based authentication bypass and crafted payloads.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows Update Service (WSUS)

No auth needed

Prerequisites: Network access to vulnerable WSUS server · Python environment with required dependencies

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35317

Scores

CVSS v3 7.8

EPSS 0.0182

EPSS Percentile 75.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (5)

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_server_2016

microsoft/windows_server_2019

microsoft/windows_server_2022

Published Jul 11, 2023

Tracked Since Feb 18, 2026