Skip to content

Commit 667fd73

Browse files
author
jenkins-metasploit
committed
automatic module_metadata_base.json update
1 parent c007d3a commit 667fd73

File tree

1 file changed

+60
-0
lines changed

1 file changed

+60
-0
lines changed

db/modules_metadata_base.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -183506,6 +183506,66 @@
183506183506
"session_types": false,
183507183507
"needs_cleanup": null
183508183508
},
183509+
"exploit_windows/http/wsus_deserialization_rce": {
183510+
"name": "Windows Server Update Service Deserialization Remote Code Execution",
183511+
"fullname": "exploit/windows/http/wsus_deserialization_rce",
183512+
"aliases": [],
183513+
"rank": 500,
183514+
"disclosure_date": "2025-10-14",
183515+
"type": "exploit",
183516+
"author": [
183517+
"mwulftange",
183518+
"msutovsky-r7"
183519+
],
183520+
"description": "This module exploits deserialization vulnerability in legacy serialization mechanism in Windows Server Update Services (WSUS). The vulnerability allows unauthenticated attacker to create specially crafted event, which triggers unsafe deserialization upon server synchronization. The module does not require any other options and upon successful exploitation, the payload is executed in context of administrator.",
183521+
"references": [
183522+
"ATT&CK-T1190",
183523+
"URL-https://code-white.com/blog/wsus-cve-2025-59287-analysis/",
183524+
"CVE-2025-59287"
183525+
],
183526+
"platform": "Windows",
183527+
"arch": "cmd",
183528+
"rport": "8530",
183529+
"autofilter_ports": [
183530+
80,
183531+
8080,
183532+
443,
183533+
8000,
183534+
8888,
183535+
8880,
183536+
8008,
183537+
3000,
183538+
8443
183539+
],
183540+
"autofilter_services": [
183541+
"http",
183542+
"https"
183543+
],
183544+
"targets": [
183545+
"Windows"
183546+
],
183547+
"mod_time": "2025-11-10 18:32:13 +0000",
183548+
"path": "/modules/exploits/windows/http/wsus_deserialization_rce.rb",
183549+
"is_install_path": true,
183550+
"ref_name": "windows/http/wsus_deserialization_rce",
183551+
"check": true,
183552+
"post_auth": false,
183553+
"default_credential": false,
183554+
"notes": {
183555+
"Stability": [
183556+
"crash-service-restarts"
183557+
],
183558+
"Reliability": [
183559+
"repeatable-session"
183560+
],
183561+
"SideEffects": [
183562+
"ioc-in-logs",
183563+
"screen-effects"
183564+
]
183565+
},
183566+
"session_types": false,
183567+
"needs_cleanup": null
183568+
},
183509183569
"exploit_windows/http/xampp_webdav_upload_php": {
183510183570
"name": "XAMPP WebDAV PHP Upload",
183511183571
"fullname": "exploit/windows/http/xampp_webdav_upload_php",

0 commit comments

Comments
 (0)