CVE-2025-47954
Published: 12 August 2025
Summary
CVE-2025-47954 is a high-severity SQL Injection (CWE-89) vulnerability in Microsoft Sql Server 2022. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 11.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability is an SQL injection issue tracked as CWE-89 that affects SQL Server. It arises from improper neutralization of special elements in SQL commands and carries a CVSS 3.1 score of 8.8 with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
An authorized attacker with network access can exploit the flaw to elevate privileges on the affected SQL Server instance, resulting in high impact to confidentiality, integrity, and availability.
The Microsoft Security Response Center advisory published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47954 addresses CVE-2025-47954. The associated EPSS score remains flat at a peak and current value of 0.0376 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24301
Vulnerability details
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in SQL Server directly enables remote privilege escalation by an authenticated attacker (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly and comprehensively mitigates SQL injection (CWE-89) by requiring validation of information inputs to prevent improper neutralization of special elements in SQL commands.
Requires timely identification, reporting, and correction of known flaws like this SQL injection vulnerability in SQL Server through patching.
Ensures vulnerabilities such as CVE-2025-47954 are scanned for and remediated promptly to prevent remote privilege escalation exploitation.