Microsoft Sql Server 2022 For X64 Based Systems Cu 25
Monthly
Privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated attacker to inject crafted SQL commands over the network and gain higher database privileges (CVSS 8.8). The flaw is a classic improper neutralization of special elements (CWE-89) reachable by any principal already holding low-level database access. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV, though a vendor patch is available.
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to gain higher privileges on the host by controlling a file name or path used by the server engine. The CVSS 3.1 base score is 7.8 with high impact to confidentiality, integrity, and availability, and Microsoft has released a patch. There is no public exploit identified at time of analysis, and the CVE is not in CISA KEV.
Remote code execution in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated, low-privileged attacker to run arbitrary code on the database server by sending crafted data that the engine deserializes unsafely (CWE-502). Any account able to submit queries or data over the network to a vulnerable instance can achieve full compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating and the RCE-with-low-privilege profile make it a high-priority patch.
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to escalate their privileges by injecting crafted special elements into an SQL command. Microsoft has released a fix and reported the flaw; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because exploitation requires existing low-level access, the realistic threat is an insider or a compromised low-privilege account pivoting to higher database privileges.
Privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated attacker to inject crafted SQL commands over the network and gain higher database privileges (CVSS 8.8). The flaw is a classic improper neutralization of special elements (CWE-89) reachable by any principal already holding low-level database access. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV, though a vendor patch is available.
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to gain higher privileges on the host by controlling a file name or path used by the server engine. The CVSS 3.1 base score is 7.8 with high impact to confidentiality, integrity, and availability, and Microsoft has released a patch. There is no public exploit identified at time of analysis, and the CVE is not in CISA KEV.
Remote code execution in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated, low-privileged attacker to run arbitrary code on the database server by sending crafted data that the engine deserializes unsafely (CWE-502). Any account able to submit queries or data over the network to a vulnerable instance can achieve full compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating and the RCE-with-low-privilege profile make it a high-priority patch.
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to escalate their privileges by injecting crafted special elements into an SQL command. Microsoft has released a fix and reported the flaw; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because exploitation requires existing low-level access, the realistic threat is an insider or a compromised low-privilege account pivoting to higher database privileges.