SQL Server Information Disclosure Vulnerability in Microsoft
CVE-2025-49719
Key Information:
- Vendor: Microsoft
- CVE Published: 8 July 2025
What is CVE-2025-49719?
CVE-2025-49719 is a serious vulnerability in Microsoft SQL Server, a widely used relational database management system that supports a range of data-driven applications and business solutions. It stems from improper input validation in SQL Server, which could allow unauthorized attackers to disclose sensitive information over a network. Such a breach could allow attackers to access confidential data, harming the integrity and confidentiality of organizational information and potentially leading to serious ramifications for affected businesses, including regulatory penalties and reputational damage.
Potential Impact of CVE-2025-49719
- Information Disclosure: The primary risk associated with CVE-2025-49719 is the unauthorized disclosure of sensitive information. Attackers exploiting this vulnerability could gain access to critical data, which may include personally identifiable information (PII), financial records, or proprietary business data.
- Regulatory Compliance Risks: Organizations that fail to protect sensitive information may face compliance issues with data protection regulations such as GDPR or HIPAA. A breach resulting from this vulnerability could lead to investigations, fines, and other legal consequences.
- Reputational Damage: The exposure of sensitive information can severely damage an organization’s reputation, eroding customer trust and potentially leading to the loss of business. Rebuilding a tarnished reputation can require significant time and resources, further impacting an organization's bottom line.
Affected Version(s)
Microsoft SQL Server 2016 for Service Pack 2 (GDR) x64-based Systems 13.0.0 < 13.0.6460.7
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack x64-based Systems 13.0.0 < 13.0.7055.9
Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3495.9
News Articles
Microsoft Patch Tuesday, July 2025 Edition
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire…
Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day
Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one Microsoft SQL Server zero-day.
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Heap-based buffer overflow in Windows rated 9.8 in severity and SharePoint RCE flaw also need immediate attention.
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by csoonline.com
- Vulnerability published
- Vulnerability Reserved