| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2025-49719 | Microsoft SQL Server Information Disclosure Vulnerability | Microsoft SQL Server | Important | 04-08-2025 |
Technical Information
An unauthorized attacker can exploit improper input validation in SQL Server to access uninitialized memory, potentially leading to the disclosure of sensitive information over a network.
Patch release date: Jul 08, 2025
Further information on this vulnerability is available at : CVE-2025-49719
Affected Software
Microsoft SQL Server 2017 for x64-based Systems (GDR),Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR),
Microsoft SQL Server 2019 for x64-based Systems (GDR),
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack,
Microsoft SQL Server 2017 for x64-based Systems (CU 31),
Microsoft SQL Server 2022 for x64-based Systems (GDR),
Microsoft SQL Server 2019 for x64-based Systems (CU 32),
Microsoft SQL Server 2022 for x64-based Systems (CU 19)