Home

Description

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

PUBLISHED Reserved 2025-09-11 | Published 2025-10-14 | Updated 2025-11-22 | Assigner microsoft




HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Problem types

CWE-20: Improper Input Validation

Product status

1.0.0 (custom) before 12.4.3
affected

1.0.0 (custom) before 12.2.1
affected

1.0.0 (custom) before 12.8.2
affected

1.0.0 (custom) before 10.2.4
affected

1.0.0 (custom) before 11.2.4
affected

1.0.0 (custom) before 12.6.5
affected

1.0.0 (custom) before 13.2.1
affected

1.0.0 (custom) before 12.10.2
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250 (JDBC Driver for SQL Server Spoofing Vulnerability) vendor-advisory

cve.org (CVE-2025-59250)

nvd.nist.gov (CVE-2025-59250)

Download JSON