CVE-2025-49718

MSR

High

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

CVSS

7.5

High

EPSS

0.03

p84

Published

2025-01-01

Updated

2025-01-01

Description

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

Tags · CWE

Pre-auth

CWE-908

Affected products

Sql_server_2019 15.0.2000.5–15.0.2135.5Sql_server_2019 15.0.4003.23–15.0.4435.7Sql_server_2022 16.0.1000.6–16.0.1140.6Sql_server_2022 16.0.4003.1–16.0.4200.1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

2025-01-01

Published

2025-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: N

None (N)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.028 · p84

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Microsoft

Windows Sql Server 2019 Sql Server 2022

Product	Vendor	Status
sql_server_2019	*	Tracked
sql_server_2022	*	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Showing first 20 of 32

Source databases

MSR

CVE

Related vulnerabilities

BDU:2025-08684

External references

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718