SQL Server Information Disclosure Vulnerability in Microsoft
CVE-2025-49719

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Microsoft Sql Server 2017 (gdr)
Microsoft Sql Server 2016 For Service Pack 2 (gdr)
Microsoft Sql Server 2019 (gdr)
Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack
Vendor
CVE Published:
8 July 2025

Badges

📈 Score: 207👾 Exploit Exists📰 News Worthy

What is CVE-2025-49719?

CVE-2025-49719 is a serious vulnerability impacting Microsoft's SQL Server, a widely used relational database management system that supports a range of data-driven applications and business solutions. This vulnerability stems from improper input validation within the SQL Server, which enables unauthorized attackers to potentially disclose sensitive information over a network. Such a breach could allow attackers to access confidential data, harming the integrity and confidentiality of organizational information and potentially leading to serious ramifications for affected businesses, including regulatory penalties and reputational damage.

Potential Impact of CVE-2025-49719

  1. Information Disclosure: The primary risk associated with CVE-2025-49719 is the unauthorized disclosure of sensitive information. Attackers exploiting this vulnerability could gain access to critical data, which may include personal identifiable information (PII), financial records, or proprietary business data.

  2. Regulatory Compliance Risks: Organizations that fail to protect sensitive information may face compliance issues with data protection regulations such as GDPR or HIPAA. A breach resulting from this vulnerability could lead to investigations, fines, and other legal consequences.

  3. Reputational Damage: The exposure of sensitive information can severely damage an organization’s reputation, eroding customer trust and potentially leading to the loss of business. Rebuilding a tarnished reputation can require significant time and resources, further impacting an organization's bottom line.

Affected Version(s)

Microsoft SQL Server 2016 for Service Pack 2 (GDR) x64-based Systems 13.0.0 < 13.0.6460.7

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack x64-based Systems 13.0.0 < 13.0.7055.9

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3495.9

News Articles

favicon imageKrebs on Security

Microsoft Patch Tuesday, July 2025 Edition

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire…

favicon imageSecurity Affairs

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one a Microsoft SQL Server zero-day.

favicon imagecsoonline.com

July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity

Heap-based buffer overflow in Windows rated 9.8 in severity and SharePoint RCE flaw also need immediate attention.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by csoonline.com

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49719 : SQL Server Information Disclosure Vulnerability in Microsoft