Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Microsoft SQL Server 2019 (CU 32)

Source -

CNA

CNA CVEs -

7

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2025-49759
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.38%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2022 for x64-based Systems (CU 20)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-24999
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.15%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2022 for x64-based Systems (CU 20)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-284
Improper Access Control
CVE-2025-53727
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.38%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2022 for x64-based Systems (CU 20)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-49758
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.15%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2022 for x64-based Systems (CU 20)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-49718
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 76.90%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Information Disclosure Vulnerability

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2022 (CU 19)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-49719
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.16%
||
7 Day CHG-0.05%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Information Disclosure Vulnerability

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2016sql_server_2017sql_server_2019Microsoft SQL Server 2016 for Service Pack 2 (GDR)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2022 (CU 19)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)
CWE ID-CWE-20
Improper Input Validation
CVE-2025-49717
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.08% / 25.23%
||
7 Day CHG-0.01%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (CU 19)
CWE ID-CWE-122
Heap-based Buffer Overflow