- Description
- Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- sql_server_2016, sql_server_2017, sql_server_2019, sql_server_2022
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-89
- Hype score
- Not currently trending
Critical flaw in Microsoft SQL Server (CVE-2025-59499): an SQL injection allows elevated privileges to be obtained on SQL Server 2016–2022. Score 8.8. Urgent update recommended. ©️CybersecurityNews #chevalyetèk #Cybersecurity https://t.co/RTPTSiCj3Y
@williamboamson
16 Nov 2025
A new vulnerability of the SQL injection type, with the identifier CVE-2025-59499, has been published for SQL Server; it allows hackers to elevate their access level. For hardening, the necessary patch
@EthicalSafe
12 Nov 2025
[CVE-2025-59499: HIGH] Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.#cve,CVE-2025-59499,#cybersecurity https://t.co/jQlnu6prza https://t.co/2JItMkmV2O
@CveFindCom
11 Nov 2025
**CVE-2025-59499** pertains to an SQL Injection vulnerability in Microsoft SQL Server. The vulnerability arises due to improper neutralization of special elements used in SQL commands, which allows an attacker to execute malicious SQL statements by manipulating input data. This
@CveTodo
11 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "6F942F6A-4994-45EA-8C29-F38103686576",
            "versionEndExcluding": "13.0.6475.1",
            "versionStartIncluding": "13.0.6300.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "19B13D04-C970-48BA-BD9E-27961F78FEFD",
            "versionEndExcluding": "13.0.7070.1",
            "versionStartIncluding": "13.0.7000.253",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "596C96BD-A53C-4039-83BE-BC9CD42FB1C2",
            "versionEndExcluding": "14.0.2095.1",
            "versionStartIncluding": "14.0.1000.169",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "E89452A1-5701-4143-BCA1-B9A8EED992AD",
            "versionEndExcluding": "14.0.3515.1",
            "versionStartIncluding": "14.0.3006.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "861744A1-B08B-465D-B2DE-362880A52CFB",
            "versionEndExcluding": "15.0.2155.2",
            "versionStartIncluding": "15.0.2000.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "07DA2EF2-81AF-4994-922A-DB1F1BDB4E82",
            "versionEndExcluding": "15.0.4455.2",
            "versionStartIncluding": "15.0.4003.23",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "4FF6DB8F-96A8-4C42-8030-15D365AE6320",
            "versionEndExcluding": "16.0.1160.1",
            "versionStartIncluding": "16.0.1000.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "6B71EA83-0BD9-46C9-AD59-B7BF7FD45FB1",
            "versionEndExcluding": "16.0.4222.2",
            "versionStartIncluding": "16.0.4003.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]