Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
AnalysisAI
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally via improper neutralization of SQL command elements. Affected versions include SQL Server 2016 SP3, 2017, 2019, 2022, and 2025 across multiple cumulative updates and GDR releases. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Risk Assessment | CVSS 6.7 reflects attack vector local (AV:L), low complexity (AC:L), and requirement for high privileges (PR:H), limiting exploitability to authenticated administrators or service accounts with sysadmin role. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A high-privilege SQL Server administrator (or a compromised service account with sysadmin role) executes a crafted SQL statement containing embedded SQL metacharacters or special syntax that the SQL Server query parser fails to neutralize. This causes the parser to misinterpret the statement, allowing the attacker to inject arbitrary SQL commands that escalate privileges further, extract sensitive data, modify database contents, or trigger denial of service. … |
| Remediation | Apply vendor-released patches immediately. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges loca
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22561
GHSA-vfhv-wjq9-p5qh