← Back

CVE-2025-49718

nvd nist
Published: Jul 8, 2025Modified: Jul 17, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: secure@microsoft.com (Secondary)

Description

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

Affected (4)

Microsoft
2 products
Sql Server 2019
Sql Server 2022
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Sql Server 2019
From 15.0.2000.5 to 15.0.2135.5
Sql Server 2019
From 15.0.4003.23 to 15.0.4435.7
Microsoft
Sql Server 2022
From 16.0.1000.6 to 16.0.1140.6
Sql Server 2022
From 16.0.4003.1 to 16.0.4200.1

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (1)

Source: secure@microsoft.com
Vendor Advisory

Timeline

No history available yet.