Home
Description
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
PUBLISHED Reserved 2025-06-09 | Published 2025-08-12 | Updated 2025-09-17 | Assigner microsoft
HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Problem types
CWE-269: Improper Privilege Management
Product status
14.0.0 before 14.0.2080.1
affected
15.0.0 before 15.0.2140.1
affected
13.0.0 before 13.0.6465.1
affected
13.0.0 before 13.0.7060.1
affected
14.0.0 before 14.0.3500.1
affected
16.0.0 before 16.0.1145.1
affected
16.0.0.0 before 16.0.4210.1
affected
15.0.0.0 before 15.0.4440.1
affected
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49758 (Microsoft SQL Server Elevation of Privilege Vulnerability) vendor-advisory
cve.org
(CVE-2025-49758)
nvd.nist.gov
(CVE-2025-49758)
Download JSON
