Microsoft Sql Server 2025 For X64 Based Systems Gdr
Monthly
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally via improper neutralization of SQL command elements. Affected versions include SQL Server 2016 SP3, 2017, 2019, 2022, and 2025 across multiple cumulative updates and GDR releases. The CVSS 6.7 score reflects the requirement for high-privilege authentication and local attack vector, but the high confidentiality, integrity, and availability impact makes this a material risk f
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally through improper neutralization of special elements in SQL commands. Affected versions span SQL Server 2016 SP3 through 2025, with patch available from Microsoft. Attack requires local access and high-privilege credentials (PR:H in CVSS vector), limiting real-world impact to insider threats or compromised administrative accounts; CVSS 6.7 reflects high confidentiality, integrity, and availability impact but constrained by authentication and local-only attack vector.
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally via improper neutralization of SQL command elements. Affected versions include SQL Server 2016 SP3, 2017, 2019, 2022, and 2025 across multiple cumulative updates and GDR releases. The CVSS 6.7 score reflects the requirement for high-privilege authentication and local attack vector, but the high confidentiality, integrity, and availability impact makes this a material risk f
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally through improper neutralization of special elements in SQL commands. Affected versions span SQL Server 2016 SP3 through 2025, with patch available from Microsoft. Attack requires local access and high-privilege credentials (PR:H in CVSS vector), limiting real-world impact to insider threats or compromised administrative accounts; CVSS 6.7 reflects high confidentiality, integrity, and availability impact but constrained by authentication and local-only attack vector.