
CVE-2025-49717

Severity: High

Published: 08 July 2025
Modified: 17 July 2025
CVSS Score: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0039 (60.4th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-49717 is a high-severity heap-based buffer overflow (CWE-122) in Microsoft SQL Server 2019. Its CVSS v3.1 base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By EPSS it ranks in the top 39.6% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: SI-2 (Flaw Remediation). Requires timely remediation of the specific heap-based buffer overflow vulnerability in SQL Server through vendor patches.
- prevent: SI-16 (Memory Protection). Implements memory protection mechanisms such as heap canaries, ASLR, and DEP to directly mitigate heap-based buffer overflow exploits leading to code execution.
- prevent: Validates network inputs to SQL Server to prevent malformed data from triggering the heap buffer overflow.

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
- T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A network-accessible, authenticated heap buffer overflow that enables arbitrary code execution on SQL Server maps directly to exploitation of a remote service or public-facing application, and to privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Deeper analysis

CVE-2025-49717 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting Microsoft SQL Server. Published on 2025-07-08, it carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H): high severity, network-reachable, with high attack complexity and only low privileges required.

An authorized attacker with low privileges (PR:L) can exploit this vulnerability over the network without user interaction. Successful exploitation allows arbitrary code execution, leading to high impacts on confidentiality, integrity, and availability, compounded by the changed scope (S:C).

The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717.

Details

CWE(s): CWE-122 Heap-based Buffer Overflow

Affected Products

- Microsoft SQL Server 2019: 15.0.2000.5 to 15.0.2135.5; 15.0.4003.23 to 15.0.4435.7
- Microsoft SQL Server 2022: 16.0.1000.6 to 16.0.1140.6; 16.0.4003.1 to 16.0.4200.1

CVEs Like This One

- CVE-2026-33120 (same product: Microsoft SQL Server 2019)
- CVE-2025-49729 (same vendor: Microsoft)
- CVE-2025-49669 (same vendor: Microsoft)
- CVE-2025-49674 (same vendor: Microsoft)
- CVE-2025-48824 (same vendor: Microsoft)
- CVE-2025-55227 (same product: Microsoft SQL Server 2019)
- CVE-2025-49753 (same vendor: Microsoft)
- CVE-2025-62456 (same vendor: Microsoft)
- CVE-2025-47981 (same vendor: Microsoft)
- CVE-2025-49663 (same vendor: Microsoft)
