Rule Library
Sigma Rules
2 rules found for "CVE-2025-59287"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat, high, experimental
Exploitation Activity of CVE-2025-59287 - WSUS Suspicious Child Process
Detects the creation of command-line interpreters (cmd.exe, powershell.exe) as child processes of the Windows Server Update Services (WSUS) related process wsusservice.exe. This behavior is a key indicator of exploitation of critical remote code execution vulnerabilities such as CVE-2025-59287, where attackers spawn shells to conduct reconnaissance and further post-exploitation activities.
Windows, Process Creation
Huntress Labs +1, Fri Oct 31 2025
Emerging Threat, high, experimental
Exploitation Activity of CVE-2025-59287 - WSUS Deserialization
Detects cast exceptions in Windows Server Update Services (WSUS) application logs that strongly indicate exploitation attempts of CVE-2025-59287, a deserialization vulnerability in WSUS.
Windows, application
Swachchhanda Shrawan Poudel (Nextron Systems), Fri Oct 31 2025