CVE-2025-47954
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft SQL Server 2022 (CU 20)
Microsoft · Microsoft SQL Server 2022 (GDR)