CVE-2025-47997: Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information…

medium5.3CVSS 3.1

AVNACHPRLUINSUCHINAN

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sql_server_2016_service_pack_3	>= 13.0.0 < 13.0.6470.1	13.0.6470.1
microsoft	microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack	>= 13.0.0 < 13.0.7065.1	13.0.7065.1
microsoft	microsoft_sql_server_2017	>= 14.0.0 < 14.0.3505.1	14.0.3505.1
microsoft	microsoft_sql_server_2017	>= 14.0.0 < 14.0.2085.1	14.0.2085.1
microsoft	microsoft_sql_server_2019	>= 15.0.0 < 15.0.2145.1	15.0.2145.1
microsoft	microsoft_sql_server_2019	>= 15.0.0.0 < 15.0.4445.1	15.0.4445.1
microsoft	microsoft_sql_server_2022	>= 16.0.0 < 16.0.1150.1	16.0.1150.1
microsoft	microsoft_sql_server_2022	>= 16.0.0.0 < 16.0.4212.1	16.0.4212.1
microsoft	sql_server_2016	>= 13.0.6300.2 < 13.0.6470.1	13.0.6470.1
microsoft	sql_server_2016	>= 13.0.7000.253 < 13.0.7065.1	13.0.7065.1
microsoft	sql_server_2017	>= 14.0.1000.169 < 14.0.2085.1	14.0.2085.1
microsoft	sql_server_2017	>= 14.0.3006.16 < 14.0.3505.1	14.0.3505.1
microsoft	sql_server_2019	>= 15.0.2000.5 < 15.0.2145.1	15.0.2145.1
microsoft	sql_server_2019	>= 15.0.4003.23 < 15.0.4445.1	15.0.4445.1
microsoft	sql_server_2022	>= 16.0.1000.6 < 16.0.1150.1	16.0.1150.1
microsoft	sql_server_2022	>= 16.0.4003.1 < 16.0.4212.1	16.0.4212.1
msrc	microsoft_sql_server_2016_for_x64-based_systems_service_pack_3	—	—
msrc	microsoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea	—	—
msrc	microsoft_sql_server_2017_for_x64-based_systems	—	—
msrc	microsoft_sql_server_2019_for_x64-based_systems	—	—
msrc	microsoft_sql_server_2022_for_x64-based_systems	—	—