SQL Server Information Disclosure Vulnerability in Microsoft
CVE-2025-49719

7.5 HIGH

What is CVE-2025-49719?

CVE-2025-49719 is a serious vulnerability in Microsoft SQL Server, a widely used relational database management system that supports a range of data-driven applications and business solutions. The vulnerability stems from improper input validation in SQL Server, which enables an unauthorized attacker to disclose sensitive information over a network. Such a breach could allow attackers to access confidential data, harming the integrity and confidentiality of organizational information and potentially leading to serious ramifications for affected businesses, including regulatory penalties and reputational damage.

Potential Impact of CVE-2025-49719

  1. Information Disclosure: The primary risk associated with CVE-2025-49719 is the unauthorized disclosure of sensitive information. Attackers exploiting this vulnerability could gain access to critical data, which may include personally identifiable information (PII), financial records, or proprietary business data.

  2. Regulatory Compliance Risks: Organizations that fail to protect sensitive information may face compliance issues with data protection regulations such as GDPR or HIPAA. A breach resulting from this vulnerability could lead to investigations, fines, and other legal consequences.

  3. Reputational Damage: The exposure of sensitive information can severely damage an organization’s reputation, eroding customer trust and potentially leading to the loss of business. Rebuilding a tarnished reputation can require significant time and resources, further impacting an organization's bottom line.

Affected Version(s)

Microsoft SQL Server 2016 for Service Pack 2 (GDR) x64-based Systems 13.0.0 < 13.0.6460.7

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack x64-based Systems 13.0.0 < 13.0.7055.9

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3495.9

News Articles

Microsoft Patch Tuesday, July 2025 Edition

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire…

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist

  • First article discovered by Krebs on Security

  • Vulnerability published

  • Vulnerability Reserved
