CVE-2025-59250

Summary

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft JDBC Driver for SQL Server 10.21.0.0 < 10.2.4affected
MicrosoftMicrosoft JDBC Driver for SQL Server 11.21.0.0 < 11.2.4affected
MicrosoftMicrosoft JDBC Driver for SQL Server 12.101.0.0 < 12.10.2affected
MicrosoftMicrosoft JDBC Driver for SQL Server 12.21.0.0 < 12.2.1affected
MicrosoftMicrosoft JDBC Driver for SQL Server 12.41.0.0 < 12.4.3affected
MicrosoftMicrosoft JDBC Driver for SQL Server 12.61.0.0 < 12.6.5affected
MicrosoftMicrosoft JDBC Driver for SQL Server 12.81.0.0 < 12.8.2affected
MicrosoftMicrosoft JDBC Driver for SQL Server 13.21.0.0 < 13.2.1affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References