Description

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

PUBLISHED Reserved 2025-05-14 | Published 2025-09-09 | Updated 2025-09-25 | Assigner microsoft

MEDIUM: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Problem types

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

14.0.0 (custom) before 14.0.2085.1
affected

15.0.0 (custom) before 15.0.2145.1
affected

13.0.0 (custom) before 13.0.6470.1
affected

13.0.0 (custom) before 13.0.7065.1
affected

14.0.0 (custom) before 14.0.3505.1
affected

16.0.0 (custom) before 16.0.1150.1
affected

16.0.0.0 (custom) before 16.0.4212.1
affected

15.0.0.0 (custom) before 15.0.4445.1
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997 (Microsoft SQL Server Information Disclosure Vulnerability) vendor-advisory

cve.org (CVE-2025-47997)

nvd.nist.gov (CVE-2025-47997)
