CVE-2025-59287

This repository contains a functional exploit for CVE-2025-59287, targeting unsafe deserialization in Microsoft Windows Server Update Services (WSUS). The exploit leverages AES-128-CBC decryption and BinaryFormatter deserialization to achieve remote code execution with SYSTEM privileges.

This repository provides a defensive honeypot for CVE-2025-59287, emulating WSUS endpoints to capture and analyze attacker activity. It includes a Flask-based capture service, detection rules, and a Windows test harness for validation.

This repository contains a functional exploit for CVE-2025-59287, targeting a WSUS (Windows Server Update Services) vulnerability. The exploit automates the generation of a malicious .NET payload using ysoserial, encrypts it with a hardcoded AES key, and delivers it via a crafted SOAP request to achieve unauthenticated remote code execution.

This repository contains a functional PowerShell exploit for CVE-2025-59287, targeting an unauthenticated RCE vulnerability in WSUS. The script automates the exploitation process by generating a malicious payload using ysoserial.net and triggering it via WSUS console interaction.

This PoC exploits CVE-2025-59287, a deserialization vulnerability in Microsoft Windows Update Service (WSUS). It demonstrates unauthorized remote code execution by leveraging SOAP-based authentication bypass and crafted payloads.

This repository provides a detailed technical analysis of CVE-2025-59287, an unauthenticated RCE vulnerability in Windows Server Update Services (WSUS) due to unsafe deserialization. It includes IoCs, detection rules, and mitigation steps but does not contain functional exploit code.

This repository contains a functional exploit for CVE-2025-59287, a critical RCE vulnerability in Microsoft WSUS due to unsafe deserialization in the BinaryFormatter component. The exploit includes a C# payload generator and Python scripts to encrypt and deliver the payload via the GetCookie() endpoint.

The repository contains a functional PowerShell exploit for CVE-2025-59287, a critical RCE vulnerability in Windows Server Update Services (WSUS) due to unsafe deserialization. It includes a detailed technical writeup, an XML payload, and a PowerShell script to generate and upload the malicious payload to a vulnerable WSUS server.

This repository contains a functional exploit for CVE-2025-59287, a critical remote code execution vulnerability in Microsoft Windows Server Update Services (WSUS). The exploit leverages insecure deserialization in the GetCookie() endpoint to achieve unauthenticated RCE with SYSTEM privileges.

This repository contains a functional exploit PoC for CVE-2025-59287, targeting a deserialization vulnerability in Microsoft Windows Update Service (WSUS). The exploit chain involves authentication cookie retrieval, server ID extraction, and crafted SOAP requests to trigger deserialization for potential RCE.

The repository contains a functional exploit for CVE-2025-11953, a critical OS command injection vulnerability in React Native Community CLI Metro Development Server. It includes both basic and advanced exploitation scripts, demonstrating arbitrary command execution via the unsanitized `open-url` endpoint.

This repository contains a Python-based exploit for CVE-2025-59287, targeting a remote code execution vulnerability in Windows Server Update Services (WSUS). It includes modules for payload encryption and exploitation, with support for both legacy and secure encryption modes.

This PoC exploits a deserialization vulnerability in WSUS/SCCM via crafted SOAP requests, leveraging ysoserial.net to generate malicious payloads for remote code execution. It automates authentication, cookie retrieval, and payload delivery to trigger RCE.

This repository contains a functional PowerShell exploit for CVE-2025-59287, targeting a deserialization vulnerability in WSUS. The script generates a reverse shell payload, retrieves necessary cookies, and triggers the exploit via crafted SOAP requests.

The repository contains obfuscated code in `encrypt.py` that attempts to execute malicious commands via subprocess, disguised as a WSUS exploit toolkit. The README lacks technical details about CVE-2025-59287 and instead provides generic installation instructions.

The repository claims to be a PoC for CVE-2025-59287 but contains obfuscated code that downloads and executes a malicious payload. The README misleadingly describes a booklist management tool while the code initializes a hidden process to fetch and run a remote script.

This repository contains a functional exploit chain for CVE-2025-59287, targeting WSUS servers via deserialization. It includes scripts to check vulnerability, generate payloads (file drop or reverse shell), and deliver the exploit.

This repository contains a functional exploit for CVE-2025-59287, targeting WSUS servers via deserialization of a malicious payload. The exploit crafts a serialized object with embedded XAML to achieve remote code execution on vulnerable systems.

This repository contains a functional exploit for CVE-2025-59287, targeting a WSUS XML deserialization vulnerability to achieve remote code execution. The exploit chains multiple SOAP endpoints to authenticate and deliver a malicious payload via a crafted XML event.

This is a detailed technical analysis of CVE-2025-59287, a deserialization vulnerability in Microsoft WSUS. The writeup includes root cause analysis, affected versions, and a breakdown of the vulnerable `DecryptData()` function.

This Metasploit module exploits a deserialization vulnerability in Windows Server Update Services (WSUS) to achieve remote code execution. It leverages SOAP requests to trigger unsafe deserialization, executing payloads in an administrator context.