Microsoft Microsoft Sql Server 2022 (Cu 20)
7 CVEs affecting Microsoft Microsoft Sql Server 2022 (Cu 20). Latest disclosed: 2025-09-09. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-55227 | High | 8.8 | 2025-09-09 | Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a ne… |
CVE-2025-47954 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2025-49759 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2025-24999 | High | 8.8 | 2025-08-12 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53727 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2025-49758 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2025-47997 | Medium | 6.5 | 2025-09-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information… |