CVE-2025-24999

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Per the CVSS vector, the attacker needs only a low-privileged, authenticated SQL Server login reachable over the network (PR:L, AV:N), no user interaction, and the result is full loss of confidentiality, integrity and availability within the affected instance (scope unchanged).

Risk Information

Base Score: 8.8 (High; a CVSS v3.1 base score of 7.0 to 8.9 is rated High, not Moderate)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.126 (estimated 12.6% probability of exploitation in the wild within the next 30 days)

Associated Vulnerability

Vulnerability | OS Platform
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2016 SP3 (KB5063762) | Windows
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2016 SP3 Azure Connect Feature Pack (KB5063761) | Windows
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2017 RTM CU (KB5063759) | Windows
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2017 RTM (KB5063760) | Windows
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2019 RTM CU (KB5063757) | Windows
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2019 RTM (KB5063758) | Windows
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2022 RTM CU (KB5063814) | Windows
Microsoft SQL Server Elevation of Privilege Vulnerability for SQL Server 2022 RTM (KB5063756) | Windows

Patch Details

Patch ID | Patch Description
PATCH-42214 | Security Update for SQL Server 2016 SP3 (KB5063762)
PATCH-42213 | Security Update for SQL Server 2016 SP3 Azure Connect Feature Pack (KB5063761)
PATCH-42216 | Security Update for SQL Server 2017 RTM CU (KB5063759)
PATCH-42215 | Security Update for SQL Server 2017 RTM (KB5063760)
PATCH-42218 | Security Update for SQL Server 2019 RTM CU (KB5063757)
PATCH-42217 | Security Update for SQL Server 2019 RTM (KB5063758)
PATCH-42220 | Security Update for SQL Server 2022 RTM CU (KB5063814)
PATCH-42219 | Security Update for SQL Server 2022 RTM (KB5063756)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24999