CVE-2025-53727
Published 2025-08-12
High 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sql_server_2016_service_pack_3 | >= 13.0.0 < 13.0.6465.1 | 13.0.6465.1 |
| microsoft | microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack | >= 13.0.0 < 13.0.7060.1 | 13.0.7060.1 |
| microsoft | microsoft_sql_server_2017 | >= 14.0.0 < 14.0.3500.1 | 14.0.3500.1 |
| microsoft | microsoft_sql_server_2017 | >= 14.0.0 < 14.0.2080.1 | 14.0.2080.1 |
| microsoft | microsoft_sql_server_2019 | >= 15.0.0 < 15.0.2140.1 | 15.0.2140.1 |
| microsoft | microsoft_sql_server_2019 | >= 15.0.0.0 < 15.0.4440.1 | 15.0.4440.1 |
| microsoft | microsoft_sql_server_2022 | >= 16.0.0 < 16.0.1145.1 | 16.0.1145.1 |
| microsoft | microsoft_sql_server_2022 | >= 16.0.0.0 < 16.0.4210.1 | 16.0.4210.1 |
| microsoft | sql_server_2016 | >= 13.0.6300.2 < 13.0.6465.1 | 13.0.6465.1 |
| microsoft | sql_server_2016 | >= 13.0.7000.253 < 13.0.7060.1 | 13.0.7060.1 |
| microsoft | sql_server_2017 | >= 14.0.1000.169 < 14.0.2080.1 | 14.0.2080.1 |
| microsoft | sql_server_2017 | >= 14.0.3006.16 < 14.0.3500.1 | 14.0.3500.1 |
| microsoft | sql_server_2019 | >= 15.0.2000.5 < 15.0.2140.1 | 15.0.2140.1 |
| microsoft | sql_server_2019 | >= 15.0.4003.23 < 15.0.4440.1 | 15.0.4440.1 |
| microsoft | sql_server_2022 | >= 16.0.1000.6 < 16.0.1145.1 | 16.0.1145.1 |
| microsoft | sql_server_2022 | >= 16.0.4003.1 < 16.0.4210.1 | 16.0.4210.1 |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3 | — | — |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea | — | — |
| msrc | microsoft_sql_server_2017_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2019_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2022_for_x64-based_systems | — | — |