| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2025-49717 | Microsoft SQL Server Remote Code Execution Vulnerability | Microsoft SQL Server | Critical | 04-08-2025 |
Technical Information
A heap-based buffer overflow vulnerability in SQL Server could enable an authenticated attacker to execute arbitrary code over a network by sending a specially crafted query. To successfully exploit this flaw, the attacker must first perform additional steps to prepare the target environment, potentially allowing them to break out of the SQL Server context and run code on the underlying host system.
Patch release date: Jul 08, 2025
Further information on this vulnerability is available at : CVE-2025-49717
Affected Software
Microsoft SQL Server 2019 for x64-based Systems (GDR),Microsoft SQL Server 2022 for x64-based Systems (GDR),
Microsoft SQL Server 2019 for x64-based Systems (CU 32),
Microsoft SQL Server 2022 for x64-based Systems (CU 19)