Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 22-01 Ordered U.S. Federal Civilian Executive Branch agencies to patch CVE-2025-59287
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to patch CVE-2025-59287, forcing remediation of an actively exploited WSUS RCE by November 14. The directive increases urgency for federal defenders because the flaw can let attackers reach SYSTEM privileges on exposed servers. It also puts a formal deadline on a vulnerability already added to the federal exploited-flaws catalog.
Related Happenings
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector Action
H score27
First: 10.06.2026 15:00
Last: 10.06.2026 15:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA orders federal agencies to secure WatchGuard Firebox devices
Public Sector Action
H score42
First: 19.12.2025 12:25
Last: 19.12.2025 12:25
Sources 1
About this happening:
**CISA** ordered federal agencies to secure **WatchGuard Firebox** firewalls after tagging **CVE-2025-14733** as **actively exploited in the wild**, raising urgency for exposed fe...
CISA orders federal agencies to secure WatchGuard Firebox devices
Public Sector ActionAbout this happening: **CISA** ordered federal agencies to secure **WatchGuard Firebox** firewalls after tagging **CVE-2025-14733** as **actively exploited in the wild**, raising urgency for exposed fe...
CISA KEV remediation order for CVE-2024-1086
Public Sector Action
H score48
First: 31.10.2025 15:05
Last: 31.10.2025 15:05
Sources 1
About this happening:
CISA added **CVE-2024-1086** to the **Known Exploited Vulnerabilities (KEV) catalog** and ordered **federal agencies** to secure their systems by **June 20, 2024**, forcing urgent...
CISA KEV remediation order for CVE-2024-1086
Public Sector ActionAbout this happening: CISA added **CVE-2024-1086** to the **Known Exploited Vulnerabilities (KEV) catalog** and ordered **federal agencies** to secure their systems by **June 20, 2024**, forcing urgent...
WSUS servers CVE-2025-59287 exploitation wave
Exploitation Wave
H score61
First: 24.10.2025 19:28
Last: 24.10.2025 19:28
Sources 1
How related:
The day CVE-2025-59287 patches were released, American cybersecurity company Huntress found evidence of CVE-2025-59287 attacks targeting WSUS instances with their default ports (8530/TCP and 8531/TCP) exposed online.
About this happening:
**CVE-2025-59287** is being actively exploited against **WSUS-enabled Windows Server** systems, creating **SYSTEM-level remote code execution** risk on exposed servers. The wave m...
WSUS servers CVE-2025-59287 exploitation wave
Exploitation WaveHow related: The day CVE-2025-59287 patches were released, American cybersecurity company Huntress found evidence of CVE-2025-59287 attacks targeting WSUS instances with their default ports (8530/TCP and 8531/TCP) exposed online.
About this happening: **CVE-2025-59287** is being actively exploited against **WSUS-enabled Windows Server** systems, creating **SYSTEM-level remote code execution** risk on exposed servers. The wave m...
Windows Server Update Service RCE bug (CVE-2025-59287)
Vulnerability
H score59
First: 15.10.2025 00:53
Last: 15.10.2025 00:53
Sources 1
How related:
Tracked as CVE-2025-59287, this actively exploited, potentially wormable remote code execution (RCE) vulnerability affects Windows servers with the WSUS Server role (a feature that isn't enabled by default) that act as update sources for other WSUS servers within the organization.
About this happening:
**CVE-2025-59287** is a **critical WSUS RCE flaw** in **Windows Server Update Services** that can put update infrastructure at risk. Microsoft patched the bug in **October 2025**,...
Windows Server Update Service RCE bug (CVE-2025-59287)
VulnerabilityHow related: Tracked as CVE-2025-59287, this actively exploited, potentially wormable remote code execution (RCE) vulnerability affects Windows servers with the WSUS Server role (a feature that isn't enabled by default) that act as update sources for other WSUS servers within the organization.
About this happening: **CVE-2025-59287** is a **critical WSUS RCE flaw** in **Windows Server Update Services** that can put update infrastructure at risk. Microsoft patched the bug in **October 2025**,...
Timeline
-
27.10.2025 15:27 1 articles · 7mo ago
Huntress observes CVE-2025-59287 exploitation against exposed WSUS servers
Exploitation ObservedAmerican cybersecurity company Huntress found evidence of CVE-2025-59287 attacks targeting Windows Server Update Services instances with default ports 8530/TCP and 8531/TCP exposed online after the patches were released, indicating active exploitation of the WSUS Server role on internet-facing systems.
Show sources
- CISA orders feds to patch actively exploited Windows Server WSUS flaw — www.bleepingcomputer.com — 27.10.2025 15:27
-
27.10.2025 15:27 1 articles · 7mo ago
CISA orders federal agencies to patch CVE-2025-59287
Legal Policy Action UpdateThe Cybersecurity and Infrastructure Security Agency added CVE-2025-59287 to the Known Exploited Vulnerabilities catalog and ordered U.S. Federal Civilian Executive Branch agencies to patch affected Windows Server systems within three weeks, by November 14, 2025, while advising defenders to disable the WSUS Server role on vulnerable systems if immediate patching was not possible.
Show sources
- CISA orders feds to patch actively exploited Windows Server WSUS flaw — www.bleepingcomputer.com — 27.10.2025 15:27