CVE-2025-49717
published 2025-07-08CVE-2025-49717: Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
high8.5CVSS 3.1
AVNACHPRLUINSCCHIHAH
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sql_server_2019 | >= 15.0.0 < 15.0.2135.5 | 15.0.2135.5 |
| microsoft | microsoft_sql_server_2019 | >= 15.0.0.0 < 15.0.4435.7 | 15.0.4435.7 |
| microsoft | microsoft_sql_server_2022 | >= 16.0.0 < 16.0.1140.6 | 16.0.1140.6 |
| microsoft | microsoft_sql_server_2022 | >= 16.0.0.0 < 16.0.4200.1 | 16.0.4200.1 |
| microsoft | sql_server_2019 | >= 15.0.2000.5 < 15.0.2135.5 | 15.0.2135.5 |
| microsoft | sql_server_2019 | >= 15.0.4003.23 < 15.0.4435.7 | 15.0.4435.7 |
| microsoft | sql_server_2022 | >= 16.0.1000.6 < 16.0.1140.6 | 16.0.1140.6 |
| microsoft | sql_server_2022 | >= 16.0.4003.1 < 16.0.4200.1 | 16.0.4200.1 |
| msrc | microsoft_sql_server_2019_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2022_for_x64-based_systems | — | — |