CVE-2025-59287 WSUS Unauthenticated RCE

A vulnerability in the update service enables an unauthenticated attacker to send a crafted encrypted cookie, leading to unsafe deserialization and SYSTEM-level code execution.

https://hawktrace.com/blog/CVE-2025-59287-UNAUTH

#Deserialization #PatchMgmt

A technical WSUS advisory for CVE-2025-59287: unsafe deserialization in Windows Server Update Services that allows remote code execution.

HawkTrace Research

Chrome PIP UI spoofing (CVE-2025-8577) poses a medium risk by tricking users via crafted HTML. SMBs: enforce Chrome auto-updates, upgrade to v139.0.7258.66+, update browser policies, brief staff on phishing signs. #Security #PatchMgmt

https://cvefeed.io/vuln/detail/CVE-2025-8577

CVE-2025-8577 - Google Chrome Picture In Picture UI Spoofing Vulnerability

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

cvefeed.io

A medium-severity use-after-free flaw in Chrome’s Cast component allows remote heap corruption via crafted HTML. Ensure all business endpoints run Chrome 139.0.7258.66+ to close the gap. #SMBSecurity #PatchMgmt

https://cvefeed.io/vuln/detail/CVE-2025-8578

CVE-2025-8578 - Google Chrome Use After Free Heap Corruption Vulnerability

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

cvefeed.io
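Both Chrome posts above (CVE-2025-8577 and CVE-2025-8578) share the same remediation: every endpoint must run 139.0.7258.66 or later. The check below is an added example, not code from the posts or from cvefeed.io, showing how to compare an endpoint inventory against that fixed build. Chrome version strings have four numeric components, and comparing them as plain strings gets the wrong answer (for example "139.0.7258.7" sorts after "139.0.7258.66" lexicographically), so the example parses them into integer tuples. The hostnames and version numbers in the inventory are constructed for the example; the CSV column names are an assumption about how an MDM or asset tool might export the data.

```python
"""Check a Chrome version inventory against the first fixed build for
CVE-2025-8577 and CVE-2025-8578 (139.0.7258.66, per the advisories above).

Added example: the inventory rows below are constructed, and the CSV
column names (hostname, chrome_version) are an assumed export format.
"""

import csv
import io

# First fixed Chrome build named in both cvefeed.io entries above.
FIXED_VERSION = "139.0.7258.66"

# Constructed sample inventory; hostnames and versions are invented.
SAMPLE_INVENTORY = """hostname,chrome_version
ws-finance-01,139.0.7258.66
ws-finance-02,139.0.7258.7
ws-sales-03,138.0.7204.183
ws-sales-04,140.0.7339.80
ws-hr-05,139.0.7258.138
ws-lab-06,unknown
"""


def parse_version(version):
    """Split a Chrome version 'MAJOR.MINOR.BUILD.PATCH' into an int tuple.

    Raises ValueError for anything that is not four dotted integers, so a
    blank or 'unknown' field cannot silently pass as patched.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_fixed(version, fixed=FIXED_VERSION):
    """True when the installed version is at or above the fixed build."""
    return parse_version(version) >= parse_version(fixed)


def naive_is_fixed(version, fixed=FIXED_VERSION):
    """WRONG on purpose: compares version strings lexicographically.

    Kept only to show the pitfall: '139.0.7258.7' >= '139.0.7258.66' is
    True as strings because '7' > '6', although 7 < 66 as a patch number.
    """
    return version >= fixed


def find_unpatched(inventory_csv, fixed=FIXED_VERSION):
    """Return (hostname, version) for each row that is below the fixed build
    or whose version field cannot be parsed (treated as not verified)."""
    unpatched = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, version = row["hostname"], row["chrome_version"]
        try:
            if not is_fixed(version, fixed):
                unpatched.append((host, version))
        except ValueError:
            # Unparseable inventory data is flagged rather than ignored.
            unpatched.append((host, version))
    return unpatched


if __name__ == "__main__":
    for host, version in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: Chrome {version} is below {FIXED_VERSION}")
```

Run against a real export, the flagged hosts are the ones still exposed to both Chrome issues; the deliberately wrong `naive_is_fixed` would have cleared ws-finance-02.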