🗓️ Join us for the next exciting episode of runZero Hour on July 16. Register Now!

On This Page:

  1. Latest Microsoft SQL Server vulnerabilities
  2. What is the impact?
  3. Are any updates or workarounds available?
  4. How do I find Microsoft SQL Server installations with runZero?

How to find Microsoft SQL Server installations on your network

Matthew Kienow
|
Updated

Latest Microsoft SQL Server vulnerabilities #

Microsoft has disclosed three vulnerabilities in certain versions of Microsoft SQL Server:

  • SQL Server is affected by a heap-based buffer overflow vulnerability that may allow an authorized adversary to escape the SQL server context and remotely execute code on the target host. Successful exploitation of the vulnerability requires the adversary to prepare the target environment prior to executing a specially crafted query. This vulnerability has been designated CVE-2025-49717 and has been rated high with a CVSS score of 8.5.
  • SQL Server is affected by an information disclosure vulnerability due its use of an uninitialized resource. Successful exploitation may allow an unauthorized adversary to remotely inspect heap memory from a privileged process running on the target host. This vulnerability has been designated CVE-2025-49718 and has been rated high with a CVSS score of 7.5.
  • SQL Server is affected by an information disclosure vulnerability due to improper input validation. Successful exploitation may allow an unauthorized adversary to remotely inspect uninitialized memory on the target host. This vulnerability has been designated CVE-2025-49719 and has been rated high with a CVSS score of 7.5.

It may be possible that the information returned via CVE-2025-49718 and CVE-2025-49719 could aid in the successful exploitation of CVE-2025-49717, as these vulnerabilities may be useful for disclosing sensitive authentication information or for manipulating heap memory to be more amenable to exploitation.

The following versions are affected by CVE-2025-49717 and CVE-2025-49718

  • Microsoft SQL Server 2019 (GDR) versions 15.x prior to 15.0.2135.5
  • Microsoft SQL Server 2019 (CU 32) versions 15.x prior to 15.0.4435.7
  • Microsoft SQL Server 2022 (GDR) versions 16.x prior to 16.0.4200.1
  • Microsoft SQL Server 2022 (CU 19) versions 16.x prior to 16.0.1140.6

The following versions are affected by CVE-2025-49719

  • Microsoft SQL Server 2016 for Service Pack 2 (GDR) versions 13.x prior to 13.0.6460.7
  • Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack versions 13.x prior to 13.0.7055.9
  • Microsoft SQL Server 2017 (GDR) versions 14.x prior to 14.0.2075.8
  • Microsoft SQL Server 2017 (CU 31) versions 14.x prior to 14.0.3495.9
  • Microsoft SQL Server 2019 (GDR) versions 15.x prior to 15.0.2135.5
  • Microsoft SQL Server 2019 (CU 32) versions 15.x prior to 15.0.4435.7
  • Microsoft SQL Server 2022 (GDR) versions 16.x prior to 16.0.4200.1
  • Microsoft SQL Server 2022 (CU 19) versions 16.x prior to 16.0.1140.6

      What is the impact? #

      Successful exploitation of these vulnerabilities would allow an adversary to execute arbitrary code on the vulnerable host, potentially leading to complete system compromise, or leak sensitive information.

      Are any updates or workarounds available? #

      Users are encouraged to update to the latest version as quickly as possible.

      • Microsoft SQL Server 2016 for Service Pack 2 (GDR) upgrade to version 13.0.6460.7 or later
      • Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack upgrade to version 13.0.7055.9 or later
      • Microsoft SQL Server 2017 (GDR) upgrade to version 14.0.2075.8 or later
      • Microsoft SQL Server 2017 (CU 31) upgrade to version 14.0.3495.9 or later
      • Microsoft SQL Server 2019 (GDR) upgrade to version 15.0.2135.5 or later
      • Microsoft SQL Server 2019 (CU 32) upgrade to version 15.0.4435.7 or later
      • Microsoft SQL Server 2022 (GDR) upgrade to version 16.0.4200.1 or later
      • Microsoft SQL Server 2022 (CU 19) upgrade to version 16.0.1140.6 or later

      If the SQL Server version is not represented above then it is no longer supported. It is advised users upgrade their software to the latest Service Pack or SQL Server product in order to apply current and future security updates.

        How do I find Microsoft SQL Server installations with runZero? #

        From the Software Inventory, use the following query to locate potentially impacted assets:

        vendor:=Microsoft AND (product:="SQL Server"  OR product:="SQL Server 20%") AND ((version:>=13.0.0 AND version:<13.0.7055.9) OR (version:>=14.0.0 AND version:<14.0.3495.9) OR (version:>=15.0.0 AND version:<15.0.4435.7) OR (version:>=16.0.0 AND version:<16.0.4200.1))

        Written by Matthew Kienow

        Matthew Kienow is a software engineer and security researcher. Matthew previously worked on the Recog recognition framework, AttackerKB as well as Metasploit's MSF 5 APIs. He has also designed, built, and successfully deployed many secure software solutions; however, often he enjoys breaking them instead. He has presented his research at various security conferences including DerbyCon, Hack In Paris, and CarolinaCon. His research has been cited by CSO, Threatpost and SC Magazine.

        More about Matthew Kienow
        Subscribe Now

        Get the latest news and expert insights delivered in your inbox.

        Welcome to the club! Your subscription to our newsletter is successful.

        Explore more

        Watch Now • On Demand
        Vulnerability management is broken: what's the fix?

        HD Moore and Omdia analyst Rik Turner discuss why traditional vulnerability management is struggling in modern IT infrastructures, why CVEs don’t tell the full story, and why prioritization alone isn’t enough to close critical security gaps.

        Watch Now
        runZero Hour, Episode 17
        The State of Vuln Management, Our Approach, and a Deep Dive into New Risk Findings
        On this special edition of runZero Hour, join VP of Security Research Tod Beardsley and Security Research Director Rob King for a deep dive into the future of exposure management.
        Watch Now
        Product Release
        Tackling the New Era of Exposure Management
        Fixing what’s broken with legacy tools and overcoming decades-old problems requires a new approach. Dive into how we do it at runZero.
        Read More
        Webcast
        The Unreasonable Effectiveness of Inside Out Attack Surface Management
        HD Moore, founder of runZero (and previously Metasploit), presents new research that will forever redefine how you approach attack surface management.
        Watch Now

        See Results in Minutes

        See & secure your total attack surface. Even the unknowns & unmanageable.

        Try runZero for Free
        © Copyright 2025 runZero, Inc. All Rights Reserved