cbcvebase.
CVE-2025-49719
published 2025-07-08

CVE-2025-49719: Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

Affected

21 ranges
VendorProductVersion rangeFixed in
microsoftmicrosoft_sql_server_2016_for_service_pack_2>= 13.0.0 < 13.0.6460.713.0.6460.7
microsoftmicrosoft_sql_server_2016_service_pack_3_azure_connect_feature_pack>= 13.0.0 < 13.0.7055.913.0.7055.9
microsoftmicrosoft_sql_server_2017>= 14.0.0 < 14.0.3495.914.0.3495.9
microsoftmicrosoft_sql_server_2017>= 14.0.0 < 14.0.2075.814.0.2075.8
microsoftmicrosoft_sql_server_2019>= 15.0.0 < 15.0.2135.515.0.2135.5
microsoftmicrosoft_sql_server_2019>= 15.0.0.0 < 15.0.4435.715.0.4435.7
microsoftmicrosoft_sql_server_2022>= 16.0.0 < 16.0.1140.616.0.1140.6
microsoftmicrosoft_sql_server_2022>= 16.0.0.0 < 16.0.4200.116.0.4200.1
microsoftsql_server_2016>= 13.0.6300.2 < 13.0.6460.713.0.6460.7
microsoftsql_server_2016>= 13.0.7000.253 < 13.0.7055.913.0.7055.9
microsoftsql_server_2017>= 14.0.1000.169 < 14.0.2075.814.0.2075.8
microsoftsql_server_2017>= 14.0.3006.16 < 14.0.3495.914.0.3495.9
microsoftsql_server_2019>= 15.0.2000.5 < 15.0.2135.515.0.2135.5
microsoftsql_server_2019>= 15.0.4003.23 < 15.0.4435.715.0.4435.7
microsoftsql_server_2022>= 16.0.1000.6 < 16.0.1140.616.0.1140.6
microsoftsql_server_2022>= 16.0.4003.1 < 16.0.4200.116.0.4200.1
msrcmicrosoft_sql_server_2016_for_x64-based_systems_service_pack_2
msrcmicrosoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea
msrcmicrosoft_sql_server_2017_for_x64-based_systems
msrcmicrosoft_sql_server_2019_for_x64-based_systems
msrcmicrosoft_sql_server_2022_for_x64-based_systems