Detections
Analytics

KB5070886: Windows Server 2012R2 WSUS RCE (CVE-2025-59287)

critical Nessus Plugin ID 271435

Language:

Synopsis

The remote Windows host is affected by a remote code execution vulnerability.

Description

The remote Windows host is missing security update 5070879, which addresses a remote code execution vulnerability in Windows Server Update Services (WSUS).

This plugin identifies vulnerable systems by performing the following checks:
 1. Validates the host is an affected Windows Server instance.
 2. Confirms the WSUS feature is installed by confirming the registry key 'Software\Microsoft\Update Services\' is present.
 3. Confirms the 'WsusService.exe' file exists to avoid false positives from incomplete uninstalls of the WSUS feature.
 4. If the service is present, it performs a version check on the 'Microsoft.UpdateServices.BaseApi.dll' file to determine if the system has a patched file version.

Solution

Apply Security Update 5070886

See Also

https://support.microsoft.com/help/5070886

Plugin Details

Severity: Critical

ID: 271435

File Name: smb_nt_ms25_oct_5070886.nasl

Version: 1.4

Type: local

Agent: windows

Published: 10/25/2025

Updated: 11/11/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2025-59287

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows_server_2012:r2

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/25/2025

Vulnerability Publication Date: 10/23/2025

CISA Known Exploited Vulnerability Due Dates: 11/14/2025

Reference Information

CVE: CVE-2025-59287

MSFT: MS25-5070886

MSKB: 5070886