Home
Description
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
PUBLISHED Reserved 2025-01-30 | Published 2025-08-12 | Updated 2025-09-17 | Assigner microsoft
HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Problem types
CWE-284: Improper Access Control
Product status
14.0.0 before 14.0.2080.1
affected
15.0.0 before 15.0.2140.1
affected
13.0.0 before 13.0.6465.1
affected
13.0.0 before 13.0.7060.1
affected
14.0.0 before 14.0.3500.1
affected
16.0.0 before 16.0.1145.1
affected
15.0.0.0 before 15.0.4440.1
affected
16.0.0.0 before 16.0.4210.1
affected
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24999 (Microsoft SQL Server Elevation of Privilege Vulnerability) vendor-advisory
cve.org
(CVE-2025-24999)
nvd.nist.gov
(CVE-2025-24999)
Download JSON
