Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-24999 Published on August 12, 2025

Microsoft SQL Server Elevation of Privilege Vulnerability
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Vendor Advisory NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2025-24999 has been classified to as an Authorization vulnerability or weakness.

Products Associated with CVE-2025-24999

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-24999 are published in these products:

Microsoft SQL Server

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2022

Affected Versions

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6465.1 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7060.1 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3500.1 is affected.

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2080.1 is affected.

Microsoft SQL Server 2019 (CU 32):

Version 15.0.0.0 and below 15.0.4440.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2140.1 is affected.

Microsoft SQL Server 2022 (CU 20):

Version 16.0.0.0 and below 16.0.4210.1 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1145.1 is affected.

Exploit Probability

EPSS

0.11%

Percentile

29.80%