RCE Vulnerability

Tech Optimizer
November 21, 2025
A severe remote code execution (RCE) vulnerability, CVE-2025-12762, has been identified in pgAdmin4, affecting versions up to 9.9. The flaw lets an attacker execute arbitrary commands on the server that hosts pgAdmin: when pgAdmin runs in server mode and restores from a PLAIN-format dump file, the restore command is constructed unsafely, so attacker-controlled input is injected into it. It is exploitable over the network by an authenticated user with low privileges and is rated critical with a CVSS v3.1 score of 9.3. The pgAdmin developers fixed it in version 10.0. Organizations are advised to upgrade to pgAdmin 10.0 or later, disable PLAIN-format restores, and audit who holds accounts on server-mode deployments.
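The bug class behind the "unsafe command construction" above, shown as an added illustration that is not pgAdmin's code (pgAdmin is a Python project and the exact shape of its restore path is not reproduced here): a restore command line built by string interpolation of an attacker-chosen dump-file name, next to a hardened form that confines the file to a storage directory and passes arguments as an array. Everything in it is assumed for the demonstration: Invoke-RestoreTool stands in for pg_restore/psql and only echoes its argv, $StorageRoot is the directory uploaded dumps are confined to, and the file name in $evil is constructed. The hardened form also rejects `..` traversal and absolute paths, which goes beyond the single case described above.

```powershell
# Stand-in for the real restore binary (pg_restore/psql): echoes its argv and
# does nothing else, so the demo is safe to run anywhere PowerShell runs.
function Invoke-RestoreTool { "stand-in restore tool argv: $($args -join ' | ')" }
$RestoreExe = 'Invoke-RestoreTool'

# Assumed storage directory for uploaded dump files, plus one legitimate dump.
$StorageRoot = [System.IO.Path]::GetFullPath(
    (Join-Path ([System.IO.Path]::GetTempPath()) 'restore-demo-storage'))
New-Item -ItemType Directory -Force -Path $StorageRoot | Out-Null
Set-Content -LiteralPath (Join-Path $StorageRoot 'good.sql') -Value '-- constructed dump'

function Invoke-RestoreUnsafe {
    param([string]$DbName, [string]$DumpFile)
    # BUG: the user-supplied file name is interpolated into a command string that
    # is handed to a command parser. A name such as 'x.sql; <payload>' ends the
    # restore statement and runs <payload> with the web server's privileges.
    $cmd = "$RestoreExe --dbname=$DbName --file=$DumpFile"
    Invoke-Expression $cmd
}

function Invoke-RestoreSafe {
    param([string]$DbName, [string]$DumpFile)
    # 1. Resolve the requested name and confine it to the storage root. This also
    #    rejects '..' traversal and absolute paths (Combine returns a rooted
    #    second argument unchanged, and the prefix check then fails).
    $full   = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($StorageRoot, $DumpFile))
    $prefix = $StorageRoot.TrimEnd('\', '/') + [System.IO.Path]::DirectorySeparatorChar
    if (-not $full.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "dump file escapes storage root: $DumpFile"
    }
    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
        throw "dump file not found: $DumpFile"
    }
    # 2. Pass arguments as an array to the call operator. Nothing re-parses a
    #    string, so ';', '|', '$(...)' or quotes in the name stay inside one argument.
    $argv = @("--dbname=$DbName", "--file=$full")
    & $RestoreExe @argv
}

# Constructed attacker input: a plausible file name followed by a payload that
# drops a marker file. In a real attack the payload would be anything the
# server account can run.
$Marker = Join-Path $StorageRoot 'PWNED.txt'
$evil   = "x.sql; New-Item -ItemType File -Path '$Marker' | Out-Null"

Invoke-RestoreUnsafe -DbName demo -DumpFile $evil
"unsafe: payload ran = $(Test-Path -LiteralPath $Marker)"      # True: marker exists
Remove-Item -LiteralPath $Marker -ErrorAction SilentlyContinue

try   { Invoke-RestoreSafe -DbName demo -DumpFile $evil }
catch { "safe: rejected -> $($_.Exception.Message)" }
"safe: payload ran = $(Test-Path -LiteralPath $Marker)"        # False: nothing executed
Invoke-RestoreSafe -DbName demo -DumpFile 'good.sql'            # echoes the two arguments
```

The two fixes are independent and both matter: the array form stops the name from being re-parsed as commands, and the confinement check stops a name that is syntactically harmless from pointing the restore at a file outside the upload directory. Disabling PLAIN-format restores, as advised above, removes the reachable code path entirely until the upgrade is done.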
Winsage
November 3, 2025
An out-of-band security update, KB5070881, has disrupted the Hotpatch feature for some Windows Server 2025 devices. The update is part of the out-of-band release for the CVE-2025-59287 remote code execution vulnerability, which the Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. government agencies to remediate. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has stopped offering it to those devices. Systems that already installed it will not receive Hotpatch updates in November and December but will continue to get the standard monthly security updates. Administrators can instead install the KB5070893 security update, which addresses CVE-2025-59287 without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in WSUS error reporting and resolved various issues affecting Windows 11.
Winsage
October 24, 2025
Microsoft has released out-of-band security updates for a critical-severity vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. The remote code execution flaw affects Windows servers with the WSUS Server Role enabled and can be attacked remotely with low complexity and no user interaction; any server with the role enabled and without the fix is vulnerable. Microsoft recommends installing the updates immediately and lists interim mitigations: disable the WSUS Server Role, or block inbound traffic to ports 8530 and 8531. The update is cumulative and supersedes all previous updates for the affected versions. After installation, WSUS no longer displays synchronization error details; Microsoft describes this as a temporary risk-mitigation measure.
Winsage
October 24, 2025
Microsoft released an emergency patch on October 23, 2025, for a critical remote code execution vulnerability, CVE-2025-59287, in Windows Server Update Services (WSUS). Rated critical with a CVSS score of 9.8, the flaw lets an unauthenticated attacker execute arbitrary code over the network through unsafe deserialization of untrusted data. WSUS is not enabled by default, but any organization running it is exposed until patched. The CVE's temporal score was updated to 8.8 after proof-of-concept exploit code was confirmed. The patch is available through the usual Microsoft update channels and requires a server reboot. Interim workarounds are disabling the WSUS server role or blocking the relevant inbound traffic. Affected versions are Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2022 (23H2 Edition), and 2025, each with its own patch KB number.
Winsage
October 15, 2025
CVE-2025-59287 is a critical vulnerability in Windows Server Update Services (WSUS) with a CVSSv3 score of 9.8 that allows remote code execution (RCE) through deserialization of untrusted data. It is the first RCE vulnerability reported in WSUS, and Microsoft has rated it 'Exploitation More Likely'. Organizations are urged to prioritize patching and to reassess how their WSUS servers are exposed, since an attacker who controls a WSUS server can deploy malicious updates to every client that trusts it. Two further RCE vulnerabilities, CVE-2025-59227 and CVE-2025-59234, have been identified in Microsoft Office; both are reachable through the Preview Pane, so a socially engineered target need only preview the document, not open it. Critical vulnerabilities were also reported in the Agere modem driver, a component that has shipped with Windows for nearly two decades, underscoring the risk carried by legacy code in the operating system.
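The exposure check and the two interim mitigations named in the CVE-2025-59287 entries above (November 3, both October 24 entries, and this one), as an added example that is not Microsoft's code or the original articles' code. It assumes the WSUS role feature is named UpdateServices, that the default ports are 8530 (HTTP) and 8531 (HTTPS) as stated above, and that $FixKbs holds the update carrying the fix for the host's OS version; KB5070893 is the only KB the page names, for Windows Server 2025 Hotpatch hosts, so other versions must add their own KB from the advisory. Run in an elevated PowerShell on the server itself.

```powershell
# Assumed values: WSUS default ports (from the advisory) and the fix KB(s) for
# this OS version. KB5070893 is the one named above for Server 2025 Hotpatch
# hosts; other versions have their own OOB KB and must be added here.
$WsusPorts = 8530, 8531
$FixKbs    = @('KB5070893')
$RuleName  = 'Block inbound WSUS - CVE-2025-59287 interim mitigation'

function Get-WsusExposure {
    # Role state from Server Manager; $null on a client OS, which reads as not installed.
    $role = Get-WindowsFeature -Name UpdateServices
    # Ports actually listening, whether or not the role is installed: anything
    # else bound to 8530/8531 is also covered by the firewall rule below.
    $listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $WsusPorts } |
        Select-Object -ExpandProperty LocalPort -Unique
    # Caveat: Get-HotFix reads Win32_QuickFixEngineering, which does not record
    # every update type. Treat "not found" as "verify in Windows Update history".
    $fix = @(Get-HotFix -Id $FixKbs -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        RoleInstalled  = [bool]$role.Installed
        ListeningPorts = @($listening)
        FixInstalled   = ($fix.Count -gt 0)
        Vulnerable     = ([bool]$role.Installed -and $fix.Count -eq 0)
    }
}

function Block-WsusInbound {
    # Interim containment from the advisory: drop inbound TCP to the WSUS ports
    # until the fix is installed and the server has rebooted. Idempotent.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort $WsusPorts -Action Block -Profile Any | Out-Null
    }
}

function Remove-WsusRole {
    # The other workaround named above: remove the role outright. Only for hosts
    # that do not need WSUS; clients pointed at this server stop receiving updates.
    Uninstall-WindowsFeature -Name UpdateServices -Restart:$false
}

$state = Get-WsusExposure
$state | Format-List
if ($state.Vulnerable) {
    Block-WsusInbound
    $msg = "WSUS role present without $($FixKbs -join '/'): inbound TCP $($WsusPorts -join '/') is now blocked. " +
           "Install the update, reboot, re-run Get-WsusExposure, then remove rule '$RuleName'."
    Write-Warning $msg
}
```

The firewall rule only blocks what reaches the host's own stack; if WSUS sits behind a load balancer or reverse proxy, apply the equivalent block there as well, and remember that blocking 8530/8531 also stops legitimate clients from fetching approved updates until the rule is removed.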
AppWizard
July 8, 2025
The PC version of Call of Duty: WWII has been temporarily taken offline because of a remote code execution (RCE) vulnerability. The flaw lets an attacker run code on other players' machines during multiplayer sessions without any action by the victim. Reported abuses include opening command prompts, displaying messages in Notepad, forcing remote shutdowns, and changing desktop wallpapers. The concern centers on players using Microsoft's Game Pass subscription service, whose build of the game relies on peer-to-peer networking, so a malicious peer in a lobby has a direct network path to the other players. Activision is believed to be strengthening its anti-cheat systems in response, but whether those updates close the RCE itself is unclear.
Winsage
June 10, 2025
A cyberattack campaign by the advanced persistent threat group Stealth Falcon targeted a prominent Turkish defense company using a zero-day vulnerability, CVE-2025-33053. The flaw let the attackers control the working directory of a legitimate Windows tool so that it executed malware from an attacker-controlled WebDAV server. The chain began with a spear-phishing email carrying a malicious .url file that launched a legitimate Internet Explorer utility, which in turn executed the attackers' files from the WebDAV share; the payload was then injected via process hollowing to evade traditional defenses. Stealth Falcon, also known as FruityArmor, has conducted cyber espionage since at least 2012 against government and defense targets in Turkey, Qatar, Egypt, and Yemen. The multi-stage infection chain ended in the deployment of "Horus Agent," a custom implant built for advanced reconnaissance and fitted with anti-analysis techniques. Researchers also identified other custom tooling used by the group, including a DC Credential Dumper and a custom keylogger. Stealth Falcon repurposes legitimate domains so that its infrastructure blends into normal traffic, which complicates detection.
Winsage
May 15, 2025
The Microsoft Security Response Center (MSRC) has released security updates for a vulnerability in the Windows Remote Desktop Gateway service, CVE-2025-26677, which allows an unauthorized attacker to cause a denial of service (DoS). It is rated "High" with a CVSS score of 7.5 and affects Windows Server 2016, 2019, 2022, and 2025; the fixes ship as KB5058383, KB5058392, KB5058385, and KB5058411. A second vulnerability in the same service, CVE-2025-29831, is a use-after-free that could lead to remote code execution (RCE) and is also scored 7.5. Exploiting it requires user interaction: an administrator must stop or restart the service. It affects Windows Server 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to patch both and to review network configurations so that Remote Desktop Gateway is not exposed more widely than necessary. Both vulnerabilities were reported by researchers from Kunlun Lab.
Winsage
March 13, 2025
Microsoft's March Patch Tuesday fixed more than 50 new vulnerabilities, including seven zero-days, six of which are already being exploited. Key vulnerabilities:
- CVE-2025-26633: security feature bypass in Microsoft Management Console, CVSS 7.0.
- CVE-2025-24993: remote code execution (RCE) in Windows NTFS, CVSS 7.8.
- CVE-2025-24991: information disclosure in Windows NTFS, CVSS 5.5.
- CVE-2025-24985: RCE in the Windows Fast FAT File System Driver, CVSS 7.8.
- CVE-2025-24984: information disclosure in Windows NTFS, CVSS 4.6.
- CVE-2025-24983: elevation of privilege (EoP) in the Windows Win32 Kernel Subsystem, CVSS 7.0.
- CVE-2025-26630: RCE in Microsoft Access, CVSS 7.8.
This month's list includes 23 EoP and 23 RCE vulnerabilities, and all six critical-rated vulnerabilities are RCEs. Notably, CVE-2025-24084 affects the Windows Subsystem for Linux (WSL2) kernel, and CVE-2025-26645 affects the Remote Desktop client, allowing an attacker to achieve remote code execution on a vulnerable client.