Microsoft just published security update CVE-2025-49719, which includes links to new patches for all SQL Server versions going back to 2016. (SQL Server 2014 & earlier are no longer under extended support, so it’s not clear whether they were unaffected, or just won’t be patched.)
The security update says that “Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network,” but that’s it for technical details. The attack complexity is described as low, but it doesn’t look like there’s been an exploit in the wild.
We’ve updated the SQLServerUpdates.com list of current builds. Happy patching!
1 Comment
And it looks like Microsoft also released a CU20 (KB5059390) for SQL 2022 today (10 July 2025). Gotta love it when they release back-to-back patches like this. 🙂