Unauthorized users could seize complete control of an SQL Server instance thanks to a newly patched injection flaw, Microsoft has confirmed. The vulnerability, tracked as CVE-2025-59499, allows an authenticated attacker to escalate privileges up to full sysadmin—effectively handing over the keys to your database and potentially the underlying server.
Microsoft’s July 2025 security update addresses the issue across all supported versions of SQL Server, from aging 2016 instances to the latest 2022 builds. If you’re running any unpatched SQL Server exposed to untrusted networks, you need to act now.
What’s the Real Danger?
CVE-2025-59499 is an SQL injection vulnerability at its core—but it’s not the typical website data leak. Here, the injection occurs within the database engine itself, where dynamic SQL queries mishandle user-supplied input. An attacker who can authenticate to the SQL Server (even with a low-privilege application account) can inject administrative commands that run under the security context of the process executing the query.
That context could be a sysadmin if, for example, a DBA’s maintenance script or a scheduled job has elevated rights. More commonly, even a moderately privileged service account often holds ALTER ANY LOGIN or CREATE LOGIN permissions, which gives the attacker enough leverage to create new logins, add themselves to the sysadmin role, or enable dangerous features like xp_cmdshell.
In short, the flaw turns a minor foothold into a full domain-compromise pivot point. If the SQL Server service account has high OS privileges, the attacker can also break out to the host file system, install malware, or move laterally across your network.
Microsoft rates the vulnerability as high severity and exploitable by low-privilege authenticated attackers over the network. The company has seen no public proof-of-concept code at the time of the patch, but the attack complexity is low enough that organizations should assume weaponization is imminent.
Who’s Affected?
Every supported edition of SQL Server is vulnerable until the July 2025 cumulative updates or General Distribution Release (GDR) patches are applied. The specific builds and KB numbers are:
| SQL Server Version | Update Type | KB Number | Patched Build |
|---|---|---|---|
| 2022 | CU21+GDR | KB5068406 | 16.0.4222.2 |
| 2022 | RTM+GDR | KB5068407 | 16.0.1160.1 |
| 2019 | CU32+GDR | KB5068404 | 15.0.4455.2 |
| 2019 | RTM+GDR | KB5068405 | 15.0.2155.2 |
| 2017 | CU31+GDR | KB5068402 | 14.0.3515.1 |
| 2017 | RTM+GDR | KB5068403 | 14.0.2095.1 |
| 2016 | Azure Connect FP+GDR | KB5068400 | 13.0.7070.1 |
| 2016 | SP3 RTM+GDR | KB5068401 | 13.0.6475.1 |
If your SQL Server build number is lower than the patched version within the same baseline (as listed in Microsoft’s advisory), you are vulnerable. Unsupported versions, such as SQL Server 2014 and earlier, will not receive a patch and should be upgraded or isolated.
How the Attack Unfolds
Exploitation relies on an overly permissive dynamic SQL statement somewhere in the SQL Server instance—perhaps in a stored procedure, a job script, or even an application that constructs T-SQL on the fly. An attacker who can reach the SQL Server port and authenticate (using stolen credentials, a weak password, or a misconfigured application account) can send a specially crafted payload that alters the intended SQL command.
For example, a malicious input to a report parameter might turn:
SELECT * FROM Orders WHERE CustomerName = ‘$input’
into:
SELECT * FROM Orders WHERE CustomerName = ‘‘; CREATE LOGIN attacker WITH PASSWORD = ‘P@ssw0rd’; ALTER SERVER ROLE sysadmin ADD MEMBER attacker;--’
Because the injection runs inside a trusted database context, the injected administrative commands execute with whatever privileges that context holds. In the worst case, it’s sysadmin—and from there, enabling xp_cmdshell can give a remote shell on the host server.
Even without sysadmin, an attacker can abuse common roles like db_owner or securityadmin to plant backdoors, exfiltrate data, or tamper with backups.
How We Got Here
SQL injection has plagued applications for decades, but injection inside a database engine is a rarer and more dangerous breed. In 2023 and 2024, Microsoft patched several similar privilege-escalation flaws in SQL Server, including CVE-2023-23384 and CVE-2024-21421, which also allowed attackers to elevate via injected code. The persistence of these flaws reflects the difficulty of rooting out dynamic SQL in legacy codebases and the sheer complexity of SQL Server’s internal parsing.
The mid-2025 patch cycle bundles fixes for multiple SQL Server injection vulnerabilities (some trackers list related CVE-2025-54100 and CVE-2025-59498), though Microsoft’s advisory focuses on CVE-2025-59499. The use of different CVE identifiers across vulnerability databases has caused some confusion, so the safest approach is to patch based on your SQL Server build number and the KB tables Microsoft publishes.
What You Need to Do Now
1. Patch immediately. Identify your SQL Server version and build number (query SELECT SERVERPROPERTY(‘ProductVersion’)), then find the matching update from the table above. Download the appropriate GDR or CU package from the Microsoft Update Catalog, test in a staging environment, and deploy across all instances.
If you’re on the GDR track (security-only updates), you can install the GDR package directly. If you’ve previously applied cumulative updates, you must use the CU+GDR package. Remember: once you’ve installed a CU, you cannot switch back to the GDR track for that instance.
2. Harden your network. If patching is delayed, block external access to SQL Server ports (TCP 1433, UDP 1434, and any named-instance ports) at the firewall and cloud security group level. Restrict administrative connections to a dedicated management subnet and require VPN or jump hosts.
3. Audit and reduce privileges. Revoke high-risk server-level permissions (ALTER ANY LOGIN, IMPERSONATE, CONTROL SERVER) from application and service accounts. Disable xp_cmdshell, OLE Automation, and other risky features unless absolutely necessary. Apply the principle of least privilege across all database principals.
4. Enable monitoring. Turn on full SQL Server auditing for server-principal changes and forward logs to your SIEM. Set up alerts on these high-fidelity triggers:
- CREATE LOGIN executed by a non‑DBA account
- ALTER SERVER ROLE or additions to the sysadmin role
- sp_executesql calls containing CREATE, ALTER, or multiple semicolons
You can proactively check current sysadmin members with:
SELECT name FROM sys.server_principals WHERE IS_SRVROLEMEMBER(‘sysadmin’, name) = 1;
5. Fix your code. Replace all dynamic SQL with parameterized queries or stored procedures. If you must assemble T-SQL from user input, use QUOTENAME() and REPLACE() judiciously, but know that escaping alone is error-prone. Conduct a code review focused on sp_executesql and EXEC() calls.
6. Have an incident response plan. If you suspect compromise:
- Isolate the server from the network (but do not restart it—you’ll lose valuable forensic data).
- Export SQL Server logs, Extended Events, and take a memory dump.
- Look for new logins, role changes, or enabled features like xp_cmdshell.
- Rotate all credentials and rebuild any affected instances from clean backups.
Looking Ahead
Microsoft will continue to bundle SQL Server security fixes into cumulative updates; keeping a regular patch cycle is your best defense. Expect injection flaws to remain a target for researchers and attackers alike, especially as SQL Server instances move to hybrid cloud environments where network perimeters blur.
Database administrators should also keep an eye on driver compatibility. This update does not change client driver versions, but any major engine patch can occasionally break legacy ODBC, OLE DB, or JDBC drivers. Test your application connectivity after patching.
CVE-2025-59499 is a reminder that even a single unsanitized SQL statement inside a trusted database can hand attackers the keys to your data kingdom. Patch today, harden tomorrow, and audit relentlessly.