Hackers Scan WSUS Ports in Hunt for New CVE Flaw

Hackers scan WSUS ports 8530 and 8531 in rising numbers, targeting a critical vulnerability identified as CVE-2025-59287. Cybersecurity researchers and firewall monitoring firms have reported a sharp increase in network reconnaissance aimed at Windows Server Update Services (WSUS) infrastructure. Experts link this activity to potential exploitation efforts as attackers seek to identify unpatched systems.

The vulnerability, CVE-2025-59287, poses a significant risk to enterprise environments relying on WSUS for patch distribution. Analysts observed the spike through network sensors that detected unusual traffic on the specific TCP ports associated with WSUS, signaling a coordinated effort by malicious actors. Hackers scan WSUS ports aggressively, attempting to exploit weaknesses before organizations can apply security fixes.

Security teams are urged to monitor inbound traffic patterns and audit WSUS configurations immediately. As the threat landscape evolves, timely patch management and network segmentation remain critical.

Read the full article for more details:

Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287