CVE-2025-47954: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Affected

5 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sql_server_2022	>= 16.0.0 < 16.0.1145.1	16.0.1145.1
microsoft	microsoft_sql_server_2022	>= 16.0.0.0 < 16.0.4210.1	16.0.4210.1
microsoft	sql_server_2022	>= 16.0.1000.6 < 16.0.1145.1	16.0.1145.1
microsoft	sql_server_2022	>= 16.0.4003.1 < 16.0.4210.1	16.0.4210.1
msrc	microsoft_sql_server_2022_for_x64-based_systems	—	—