CVE-2025-49719

HIGH

Microsoft SQL Server 2016-2022 Unauthenticated Information Disclosure via Network Input

Title source: llm
STIX 2.1

Description

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0887
EPSS Percentile 92.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (4)
microsoft/sql_server_2016 13.0.6300.2 - 13.0.6460.7
microsoft/sql_server_2017 14.0.1000.169 - 14.0.2075.8
microsoft/sql_server_2019 15.0.2000.5 - 15.0.2135.5
microsoft/sql_server_2022 16.0.1000.6 - 16.0.1140.6
Published Jul 08, 2025
Tracked Since Feb 18, 2026