Latest Microsoft SQL Server vulnerabilities #

Microsoft has disclosed three vulnerabilities in certain versions of Microsoft SQL Server:

  • SQL Server is affected by a heap-based buffer overflow vulnerability that may allow an authorized adversary to escape the SQL server context and remotely execute code on the target host. Successful exploitation of the vulnerability requires the adversary to prepare the target environment prior to executing a specially crafted query. This vulnerability has been designated CVE-2025-49717 and has been rated high with a CVSS score of 8.5.
  • SQL Server is affected by an information disclosure vulnerability due to its use of an uninitialized resource. Successful exploitation may allow an unauthorized adversary to remotely inspect heap memory from a privileged process running on the target host. This vulnerability has been designated CVE-2025-49718 and has been rated high with a CVSS score of 7.5.
  • SQL Server is affected by an information disclosure vulnerability due to improper input validation. Successful exploitation may allow an unauthorized adversary to remotely inspect uninitialized memory on the target host. This vulnerability has been designated CVE-2025-49719 and has been rated high with a CVSS score of 7.5.

It may be possible that the information returned via CVE-2025-49718 and CVE-2025-49719 could aid in the successful exploitation of CVE-2025-49717, as these vulnerabilities may be useful for disclosing sensitive authentication information or for manipulating heap memory to be more amenable to exploitation.

The following versions are affected by CVE-2025-49717 and CVE-2025-49718:

  • Microsoft SQL Server 2019 (GDR) versions 15.x prior to 15.0.2135.5
  • Microsoft SQL Server 2019 (CU 32) versions 15.x prior to 15.0.4435.7
  • Microsoft SQL Server 2022 (GDR) versions 16.x prior to 16.0.4200.1
  • Microsoft SQL Server 2022 (CU 19) versions 16.x prior to 16.0.1140.6

The following versions are affected by CVE-2025-49719:

  • Microsoft SQL Server 2016 for Service Pack 2 (GDR) versions 13.x prior to 13.0.6460.7
  • Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack versions 13.x prior to 13.0.7055.9
  • Microsoft SQL Server 2017 (GDR) versions 14.x prior to 14.0.2075.8
  • Microsoft SQL Server 2017 (CU 31) versions 14.x prior to 14.0.3495.9
  • Microsoft SQL Server 2019 (GDR) versions 15.x prior to 15.0.2135.5
  • Microsoft SQL Server 2019 (CU 32) versions 15.x prior to 15.0.4435.7
  • Microsoft SQL Server 2022 (GDR) versions 16.x prior to 16.0.4200.1
  • Microsoft SQL Server 2022 (CU 19) versions 16.x prior to 16.0.1140.6

What is the impact? #

Successful exploitation of these vulnerabilities would allow an adversary to execute arbitrary code on the vulnerable host, potentially leading to complete system compromise, or leak sensitive information.

Are any updates or workarounds available? #

Users are encouraged to update to the latest version as quickly as possible.

  • Microsoft SQL Server 2016 for Service Pack 2 (GDR) upgrade to version 13.0.6460.7 or later
  • Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack upgrade to version 13.0.7055.9 or later
  • Microsoft SQL Server 2017 (GDR) upgrade to version 14.0.2075.8 or later
  • Microsoft SQL Server 2017 (CU 31) upgrade to version 14.0.3495.9 or later
  • Microsoft SQL Server 2019 (GDR) upgrade to version 15.0.2135.5 or later
  • Microsoft SQL Server 2019 (CU 32) upgrade to version 15.0.4435.7 or later
  • Microsoft SQL Server 2022 (GDR) upgrade to version 16.0.4200.1 or later
  • Microsoft SQL Server 2022 (CU 19) upgrade to version 16.0.1140.6 or later

If the SQL Server version is not represented above, then it is no longer supported. Users are advised to upgrade their software to the latest Service Pack or SQL Server product in order to apply current and future security updates.

How do I find Microsoft SQL Server installations with runZero? #

From the Software Inventory, use the following query to locate potentially impacted assets:

vendor:=Microsoft AND (product:="SQL Server" OR product:="SQL Server 20%") AND ((version:>=13.0.0 AND version:<13.0.7055.9) OR (version:>=14.0.0 AND version:<14.0.3495.9) OR (version:>=15.0.0 AND version:<15.0.4435.7) OR (version:>=16.0.0 AND version:<16.0.4200.1))
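The query above uses one range per major version, so its upper bound is the highest fixed build on each product line; a host patched on the GDR line (for example 15.0.2135.5) still falls inside the 15.x range and will be listed as potentially impacted. The following script is an added example, not runZero's code, that mirrors the query's range logic and then compares each observed build against the fixed build on its own servicing line. The fixed builds and the CVE mapping are copied from this advisory; the rule used to match a build to a servicing line (same thousands digit in the third version component, such as 15.0.2xxx versus 15.0.4xxx) is an assumption made for this example, and the sample inventory is constructed.

```python
"""Triage SQL Server build numbers against the fixed builds in this advisory.

Added example, not runZero's code. The fixed builds and CVE mapping are copied
from the advisory text; the rule for matching a build to its servicing line
(same thousands digit in the third component, e.g. 15.0.2xxx vs 15.0.4xxx) is an
assumption made for this example. The sample inventory is constructed.
"""
from typing import Dict, List, NamedTuple, Optional


class Build(NamedTuple):
    """Four-part SQL Server build; tuple ordering gives a correct version compare."""
    major: int
    minor: int
    build: int
    revision: int

    def __str__(self) -> str:
        return f"{self.major}.{self.minor}.{self.build}.{self.revision}"


def parse_build(text: str) -> Build:
    """Parse a ProductVersion string such as '15.0.4435.7'."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part SQL Server build: {text!r}")
    return Build(*(int(p) for p in parts))


# Fixed builds listed in the advisory, keyed by major version (2016=13 ... 2022=16).
FIXED_BUILDS: Dict[int, List[str]] = {
    13: ["13.0.6460.7", "13.0.7055.9"],
    14: ["14.0.2075.8", "14.0.3495.9"],
    15: ["15.0.2135.5", "15.0.4435.7"],
    16: ["16.0.4200.1", "16.0.1140.6"],
}

# CVEs the advisory lists per product line.
CVES_BY_MAJOR: Dict[int, List[str]] = {
    13: ["CVE-2025-49719"],
    14: ["CVE-2025-49719"],
    15: ["CVE-2025-49717", "CVE-2025-49718", "CVE-2025-49719"],
    16: ["CVE-2025-49717", "CVE-2025-49718", "CVE-2025-49719"],
}


def in_inventory_query_range(v: Build) -> bool:
    """Mirror the Software Inventory query: every build of a listed major version
    below the highest fixed build for that major is 'potentially impacted'.
    Returns False for major versions the query does not cover."""
    fixed = FIXED_BUILDS.get(v.major)
    if fixed is None:
        return False
    return v < max(parse_build(f) for f in fixed)


def servicing_line_fix(v: Build) -> Optional[Build]:
    """Fixed build on the same servicing line as v (assumption: the line is
    identified by the thousands digit of the build number). None if no match."""
    for f in FIXED_BUILDS.get(v.major, []):
        fb = parse_build(f)
        if fb.build // 1000 == v.build // 1000:
            return fb
    return None


def assess(text: str) -> dict:
    """Classify one observed ProductVersion string."""
    v = parse_build(text)
    fix = servicing_line_fix(v)
    if v.major not in FIXED_BUILDS:
        status = "not_listed"   # advisory: unlisted versions are no longer supported
    elif fix is None:
        status = "review"       # listed major, but build not on a listed servicing line
    elif v < fix:
        status = "vulnerable"
    else:
        status = "patched"
    return {
        "version": str(v),
        "status": status,
        "fixed_build": str(fix) if fix else None,
        "flagged_by_query": in_inventory_query_range(v),
        "cves": CVES_BY_MAJOR.get(v.major, []),
    }


def triage(versions: List[str]) -> List[dict]:
    """Assess an inventory of version strings, worst findings first."""
    order = {"vulnerable": 0, "review": 1, "not_listed": 2, "patched": 3}
    return sorted((assess(t) for t in versions), key=lambda r: order[r["status"]])


# Constructed sample inventory (not real hosts); values chosen to show the
# difference between the broad query range and a per-line comparison.
SAMPLE_INVENTORY = [
    "15.0.4435.7",  # 2019 CU line, at the fixed build
    "15.0.2135.5",  # 2019 GDR line, at the fixed build but below the CU fixed build
    "15.0.2134.3",  # 2019 GDR line, below the fixed build
    "14.0.3490.2",  # 2017 CU line, below the fixed build
    "16.0.1140.6",  # 2022, at the listed 16.0.1140.6 fixed build
    "12.0.6449.1",  # SQL Server 2014: not in the advisory
]

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f"{r['version']:<14} {r['status']:<11} fix={r['fixed_build']} "
              f"query_flagged={r['flagged_by_query']} cves={','.join(r['cves'])}")
```

The version strings fed to `triage` are the values an inventory tool records, or what `SELECT SERVERPROPERTY('ProductVersion')` returns when run on the instance itself. A host that is `patched` but still `flagged_by_query` is the GDR-line case described above and can be closed out after confirming the build on the server; a `review` result means the build number did not match any servicing line listed here and should be checked by hand.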

Written by Matthew Kienow

Matthew Kienow is a software engineer and security researcher. Matthew previously worked on the Recog recognition framework, AttackerKB, as well as Metasploit's MSF 5 APIs. He has also designed, built, and successfully deployed many secure software solutions; however, he often enjoys breaking them instead. He has presented his research at various security conferences including DerbyCon, Hack In Paris, and CarolinaCon. His research has been cited by CSO, Threatpost and SC Magazine.
