CVE-2025-47997 (GCVE-0-2025-47997)
Vulnerability from cvelistv5 – Published: 2025-09-09 17:01 – Updated: 2026-02-20 16:00
VLAI
EPSS
VEX
Title
Microsoft SQL Server Information Disclosure Vulnerability
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2016 Service Pack 3 (GDR) |
Affected:
13.0.0 , < 13.0.6470.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack |
Affected:
13.0.0 , < 13.0.7065.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2017 (CU 31) |
Affected:
14.0.0 , < 14.0.3505.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2017 (GDR) |
Affected:
14.0.0 , < 14.0.2085.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 32) |
Affected:
15.0.0.0 , < 15.0.4445.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2145.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (CU 20) |
Affected:
16.0.0.0 , < 16.0.4212.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1150.1
(custom)
|
Date Public
2025-09-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T17:44:12.096923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T18:36:39.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.6470.1",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.7065.1",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 31)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.3505.1",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.2085.1",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 32)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4445.1",
"status": "affected",
"version": "15.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2145.1",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (CU 20)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4212.1",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1150.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.2085.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2145.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.6470.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.7065.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.3505.1",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1150.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4212.1",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4445.1",
"versionStartIncluding": "15.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in SQL Server allows an authorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:40.021Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997"
}
],
"title": "Microsoft SQL Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-47997",
"datePublished": "2025-09-09T17:01:09.074Z",
"dateReserved": "2025-05-14T14:44:20.085Z",
"dateUpdated": "2026-02-20T16:00:40.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47997",
"date": "2026-07-10",
"epss": "0.00765",
"percentile": "0.51088"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47997\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-09-09T17:15:47.240\",\"lastModified\":\"2026-06-17T09:28:58.773\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in SQL Server allows an authorized attacker to disclose information over a network.\"}],\"affected\":[{\"source\":\"secure@microsoft.com\",\"affectedData\":[{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2016 Service Pack 3 (GDR)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"13.0.0\",\"lessThan\":\"13.0.6470.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"13.0.0\",\"lessThan\":\"13.0.7065.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2017 (CU 31)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"14.0.0\",\"lessThan\":\"14.0.3505.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2017 (GDR)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"14.0.0\",\"lessThan\":\"14.0.2085.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2019 (CU 32)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"15.0.0.0\",\"lessThan\":\"15.0.4445.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2019 (GDR)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"15.0.0\",\"lessThan\":\"15.0.2145.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2022 (CU 20)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"16.0.0.0\",\"lessThan\":\"16.0.4212.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft SQL Server 2022 (GDR)\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"16.0.0\",\"lessThan\":\"16.0.1150.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-09-09T17:44:12.096923Z\",\"id\":\"CVE-2025-47997\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"13.0.6300.2\",\"versionEndExcluding\":\"13.0.6470.1\",\"matchCriteriaId\":\"59CA93B0-4137-4AAC-BB1E-6B2B4F79046A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"13.0.7000.253\",\"versionEndExcluding\":\"13.0.7065.1\",\"matchCriteriaId\":\"0CB4799A-6779-4976-8EDF-51562C1FAD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"14.0.1000.169\",\"versionEndExcluding\":\"14.0.2085.1\",\"matchCriteriaId\":\"B7B97285-2318-4543-BC6C-B623B168765D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"14.0.3006.16\",\"versionEndExcluding\":\"14.0.3505.1\",\"matchCriteriaId\":\"A83261BD-47F9-4435-97F9-49760895FB40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"15.0.2000.5\",\"versionEndExcluding\":\"15.0.2145.1\",\"matchCriteriaId\":\"EC0485DD-0DCE-42E9-86A7-BCF06657C40E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"15.0.4003.23\",\"versionEndExcluding\":\"15.0.4445.1\",\"matchCriteriaId\":\"AB92356F-BACC-4BB1-94B5-790081104E88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"16.0.1000.6\",\"versionEndExcluding\":\"16.0.1150.1\",\"matchCriteriaId\":\"DD20A016-AC41-4512-98AA-92E3765036B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*\",\"versionStartIncluding\":\"16.0.4003.1\",\"versionEndExcluding\":\"16.0.4212.1\",\"matchCriteriaId\":\"CFAC6C9B-F544-42D4-A490-DD607A7688D4\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-09-11T17:29:38+00:00",
"cve": "CVE-2025-47997",
"id": "CVE-2025-47997",
"initial_release_date": "2025-09-09T07:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Microsoft SQL Server Information Disclosure Vulnerability",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47997.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47997\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-09T17:44:12.096923Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-09T17:44:14.370Z\"}}], \"cna\": {\"title\": \"Microsoft SQL Server Information Disclosure Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2016 Service Pack 3 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.0.0\", \"lessThan\": \"13.0.6470.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.0.0\", \"lessThan\": \"13.0.7065.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2017 (CU 31)\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.0.0\", \"lessThan\": \"14.0.3505.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2017 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.0.0\", \"lessThan\": \"14.0.2085.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2019 (CU 32)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0.0\", \"lessThan\": \"15.0.4445.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2019 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.0.2145.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2022 (CU 20)\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0.0\", \"lessThan\": \"16.0.4212.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2022 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.1150.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2025-09-09T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997\", \"name\": \"Microsoft SQL Server Information Disclosure Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in SQL Server allows an authorized attacker to disclose information over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}, {\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"14.0.2085.1\", \"versionStartIncluding\": \"14.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.2145.1\", \"versionStartIncluding\": \"15.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"13.0.6470.1\", \"versionStartIncluding\": \"13.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"13.0.7065.1\", \"versionStartIncluding\": \"13.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"14.0.3505.1\", \"versionStartIncluding\": \"14.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.1150.1\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.4212.1\", \"versionStartIncluding\": \"16.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.4445.1\", \"versionStartIncluding\": \"15.0.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-20T16:00:40.021Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47997\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-20T16:00:40.021Z\", \"dateReserved\": \"2025-05-14T14:44:20.085Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-09-09T17:01:09.074Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…