Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 22-01 Ordered U.S. Federal Civilian Executive Branch agencies to patch CVE-2025-59287
Public Sector Action
Summary
CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to patch CVE-2025-59287, forcing remediation of an actively exploited WSUS RCE by November 14. The directive increases urgency for federal defenders because the flaw can let attackers reach SYSTEM privileges on exposed servers. It also puts a formal deadline on a vulnerability already added to the federal exploited-flaws catalog.
Related Happenings
CISA orders federal agencies to secure WatchGuard Firebox devices
Public Sector Action
First: 19.12.2025 12:25
Last: 19.12.2025 12:25
Sources 1
About this happening:
**CISA** ordered federal agencies to secure **WatchGuard Firebox** firewalls after tagging **CVE-2025-14733** as **actively exploited in the wild**, raising urgency for exposed fe...
CISA KEV remediation order for CVE-2024-1086
Public Sector Action
First: 31.10.2025 15:05
Last: 31.10.2025 15:05
Sources 1
About this happening:
CISA added **CVE-2024-1086** to the **Known Exploited Vulnerabilities (KEV) catalog** and ordered **federal agencies** to secure their systems by **June 20, 2024**, forcing urgent...
WSUS servers CVE-2025-59287 exploitation wave
Exploitation Wave
First: 24.10.2025 19:28
Last: 24.10.2025 19:28
Sources 1
How related:
The day CVE-2025-59287 patches were released, American cybersecurity company Huntress found evidence of CVE-2025-59287 attacks targeting WSUS instances with their default ports (8530/TCP and 8531/TCP) exposed online.
About this happening:
**CVE-2025-59287** is being actively exploited against **WSUS-enabled Windows Server** systems, creating **SYSTEM-level remote code execution** risk on exposed servers. The wave m...
Windows Server Update Service RCE bug (CVE-2025-59287)
Vulnerability
First: 15.10.2025 00:53
Last: 15.10.2025 00:53
Sources 1
How related:
Tracked as CVE-2025-59287, this actively exploited, potentially wormable remote code execution (RCE) vulnerability affects Windows servers with the WSUS Server role (a feature that isn't enabled by default) that act as update sources for other WSUS servers within the organization.
About this happening:
**CVE-2025-59287** is a **critical WSUS RCE flaw** in **Windows Server Update Services** that can put update infrastructure at risk. Microsoft patched the bug in **October 2025**,...
Cisco ASA and FTD zero-day patch release (CVE-2025-20333, CVE-2025-20362)
Security Patch Release
First: 25.09.2025 19:49
Last: 25.09.2025 19:49
Sources 1
About this happening:
**Cisco** warned that **CVE-2025-20333** and **CVE-2025-20362** in **Cisco Secure Firewall ASA** and **Cisco Secure Firewall FTD** remain part of an **active exploitation** thread...
Latest development: 07.11.2025 17:44
Cisco became aware on November 5, 2025, of a new attack variant targeting Cisco Secure ASA Software and Cisco Secure FTD Software releases affected by CVE-2025-20333 and CVE-2025-20362, and the attack can cause unpatched devices to unexpectedly reload into denial-of-service conditions.
Timeline
- 27.10.2025 15:27 · 1 article · 7mo ago
Huntress observes CVE-2025-59287 exploitation against exposed WSUS servers
Exploitation Observed: American cybersecurity company Huntress found evidence of CVE-2025-59287 attacks targeting Windows Server Update Services instances with default ports 8530/TCP and 8531/TCP exposed online after the patches were released, indicating active exploitation of the WSUS Server role on internet-facing systems.
Sources:
- CISA orders feds to patch actively exploited Windows Server WSUS flaw — www.bleepingcomputer.com — 27.10.2025 15:27
- 27.10.2025 15:27 · 1 article · 7mo ago
CISA orders federal agencies to patch CVE-2025-59287
Legal Policy Action Update: The Cybersecurity and Infrastructure Security Agency added CVE-2025-59287 to the Known Exploited Vulnerabilities catalog and ordered U.S. Federal Civilian Executive Branch agencies to patch affected Windows Server systems within three weeks, by November 14, 2025, while advising defenders to disable the WSUS Server role on vulnerable systems if immediate patching was not possible.
Sources:
- CISA orders feds to patch actively exploited Windows Server WSUS flaw — www.bleepingcomputer.com — 27.10.2025 15:27