Full Report
Google Threat Intelligence Group is investigating a series of attacks linked to a hacker targeting a critical vulnerability in Windows Server Update Service, Cybersecurity Dive has learned. Threat activity has ramped up since last week after a proof of concept for the untrusted data vulnerability in WSUS, the service widely used to manage the deployment…
Analysis Summary
This summary is based solely on the information provided in the context snippet. Missing details (like CVSS score, CWE, specific versions, or patch details) are marked as "Not specified in context."
# Vulnerability: Critical Untrusted Data Vulnerability in WSUS
## CVE Details
- CVE ID: CVE-2025-59287
- CVSS Score: Not specified in context
- CWE: Untrusted data vulnerability
## Affected Systems
- Products: Windows Server Update Service (WSUS)
- Versions: Not specified in context
- Configurations: WSUS service widely used to manage the deployment of Microsoft product updates.
## Vulnerability Description
The vulnerability is described as an "untrusted data vulnerability" within the Windows Server Update Service (WSUS). Exploitation allows a threat actor to compromise systems that run this service.
## Exploitation
- Status: Exploited in the wild
- Complexity: Not specified in context (but active exploitation suggests manageable complexity)
- Attack Vector: Not specified in context
## Impact
- Confidentiality: Not specified in context
- Integrity: Not specified in context
- Availability: Not specified in context
## Remediation
### Patches
- Not specified in context. (Note: Investigation is ongoing, implying a patch status may be pending or undisclosed in this snippet.)
### Workarounds
- Not specified in context.
## Detection
- Threat Activity: Series of attacks under investigation by Google Threat Intelligence Group (GTIG), linked to threat actor UNC6512.
## References
- Vendor advisories: Google Threat Intelligence Group (GTIG) is actively investigating.
- Relevant links (defanged):
  - [nvd.nist.gov/vuln/detail/CVE-2025-59287](https://nvd.nist.gov/vuln/detail/CVE-2025-59287) (Defanged: nvd[.]nist[.]gov/vuln/detail/CVE-2025-59287)
  - [cybersecuritydive[.]com/news/google-threat-researchers-probe-exploitation-critical-cve-wsus/803985/](https://www.cybersecuritydive.com/news/google-threat-researchers-probe-exploitation-critical-cve-wsus/803985/) (Defanged: cybersecuritydive[.]com/news/google-threat-researchers-probe-exploitation-critical-cve-wsus/803985/)