Severity
High
Analysis Summary
CVE-2025-49719
Improper input validation in Microsoft SQL Server allows an unauthorized attacker to disclose information over a network.
Impact
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-49719
Affected Vendors
- Microsoft
Affected Products
- Microsoft SQL Server 2022 for x64-based Systems (CU 19) 16.0.1140.6
- Microsoft SQL Server 2019 for x64-based Systems (CU 32) 15.0.4435.7
- Microsoft SQL Server 2022 for x64-based Systems (GDR) 16.0.4200.1
- Microsoft SQL Server 2017 for x64-based Systems (CU 31) 14.0.3495.9
- Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack 13.0.7055.9
- Microsoft SQL Server 2019 for x64-based Systems (GDR) 15.0.2135.5
- Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) 13.0.6460.7
- Microsoft SQL Server 2017 for x64-based Systems (GDR) 14.0.2075.8
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.