GHSA-m494-w24q-6f7w

Source

https://github.com/advisories/GHSA-m494-w24q-6f7w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-m494-w24q-6f7w/GHSA-m494-w24q-6f7w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m494-w24q-6f7w

Aliases

CVE-2025-59250

Downstream

MINI-c8qq-8q7w-xpg9

MINI-m2r4-x8jg-mrjp

Related

Published

2025-10-14T18:30:35Z

Modified

2025-11-24T18:15:29.342807Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

JDBC Driver for SQL Server has improper input validation issue

Details

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

Database specific

{
    "github_reviewed_at": "2025-11-03T14:53:13Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "nvd_published_at": "2025-10-14T17:16:07Z"
}

References

Affected packages

Maven

com.microsoft.sqlserver:mssql-jdbc

Package

Name: com.microsoft.sqlserver:mssql-jdbc; View open source insights on deps.dev
Purl: pkg:maven/com.microsoft.sqlserver/mssql-jdbc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.3.0.jre11-preview

Fixed

10.2.4.jre11

Affected versions

8.*

8.3.0.jre11-preview

8.3.0.jre14-preview

8.3.1.jre8-preview

8.3.1.jre11-preview

8.3.1.jre14-preview

8.4.0.jre8

8.4.0.jre11

8.4.0.jre14

8.4.1.jre8

8.4.1.jre11

8.4.1.jre14

9.*

9.1.0.jre8-preview

9.1.0.jre11-preview

9.1.0.jre15-preview

9.1.1.jre8-preview

9.1.1.jre11-preview

9.1.1.jre15-preview

9.2.0.jre8

9.2.0.jre11

9.2.0.jre15

9.2.1.jre8

9.2.1.jre11

9.2.1.jre15

9.3.0.jre8-preview

9.3.0.jre11-preview

9.3.0.jre15-preview

9.3.1.jre8-preview

9.3.1.jre11-preview

9.3.1.jre15-preview

9.4.0.jre8

9.4.0.jre11

9.4.0.jre16

9.4.1.jre8

9.4.1.jre8-preview

9.4.1.jre11

9.4.1.jre11-preview

9.4.1.jre16

9.4.1.jre16-preview

9.5.0-SNAPSHOT.jre8-preview

9.5.0-SNAPSHOT.jre11-preview

9.5.0-SNAPSHOT.jre17-preview

9.5.0.jre8-preview

9.5.0.jre11-preview

9.5.0.jre17-preview

10.*

10.1.0.jre8-preview

10.1.0.jre11-preview

10.1.0.jre17-preview

10.2.0-SNAPSHOT.jre8-preview

10.2.0-SNAPSHOT.jre11-preview

10.2.0-SNAPSHOT.jre17-preview

10.2.0.jre8

10.2.0.jre11

10.2.0.jre17

10.2.1.jre8

10.2.1.jre11

10.2.1.jre17

10.2.2.jre8

10.2.2.jre8-preview

10.2.2.jre11

10.2.2.jre11-preview

10.2.2.jre17

10.2.2.jre17-preview

10.2.3.jre8

10.2.3.jre11

10.2.3.jre17

10.2.4.jre8

com.microsoft.sqlserver:mssql-jdbc

Package

Name: com.microsoft.sqlserver:mssql-jdbc; View open source insights on deps.dev
Purl: pkg:maven/com.microsoft.sqlserver/mssql-jdbc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.2.0.jre11

Fixed

11.2.4.jre11

Affected versions

11.*

11.2.0.jre11

11.2.0.jre17

11.2.0.jre18

11.2.1.jre8

11.2.1.jre11

11.2.1.jre17

11.2.1.jre18

11.2.2.jre8

11.2.2.jre11

11.2.2.jre17

11.2.2.jre18

11.2.3.jre8

11.2.3.jre11

11.2.3.jre17

11.2.3.jre18

11.2.4.jre8

com.microsoft.sqlserver:mssql-jdbc

Package

Name: com.microsoft.sqlserver:mssql-jdbc; View open source insights on deps.dev
Purl: pkg:maven/com.microsoft.sqlserver/mssql-jdbc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.2.0.jre11

Fixed

12.2.1.jre11

Affected versions

12.*

12.2.0.jre11

12.2.1.jre8

com.microsoft.sqlserver:mssql-jdbc

Package

Name: com.microsoft.sqlserver:mssql-jdbc; View open source insights on deps.dev
Purl: pkg:maven/com.microsoft.sqlserver/mssql-jdbc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.6.0.jre11

Fixed

12.6.5.jre11

Affected versions

12.*

12.6.0.jre11

12.6.1.jre8

12.6.1.jre11

12.6.2.jre8

12.6.2.jre11

12.6.3.jre8

12.6.3.jre11

12.6.4.jre8

12.6.4.jre11

12.6.5.jre8

com.microsoft.sqlserver:mssql-jdbc

Package

Name: com.microsoft.sqlserver:mssql-jdbc; View open source insights on deps.dev
Purl: pkg:maven/com.microsoft.sqlserver/mssql-jdbc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.8.0.jre11

Fixed

12.8.2.jre11

Affected versions

12.*

12.8.0.jre11

12.8.1.jre8

12.8.1.jre11

12.8.2.jre8

com.microsoft.sqlserver:mssql-jdbc

Package

Name: com.microsoft.sqlserver:mssql-jdbc; View open source insights on deps.dev
Purl: pkg:maven/com.microsoft.sqlserver/mssql-jdbc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12.10.0.jre11

Fixed

12.10.2.jre11

Affected versions

12.*

12.10.0.jre11

12.10.1.jre8

12.10.1.jre11

12.10.2.jre8

com.microsoft.sqlserver:mssql-jdbc

Package

Name: com.microsoft.sqlserver:mssql-jdbc; View open source insights on deps.dev
Purl: pkg:maven/com.microsoft.sqlserver/mssql-jdbc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13.2.0.jre11

Fixed

13.2.1.jre11

Affected versions

13.*

13.2.0.jre11

13.2.1.jre8