GHSA-m494-w24q-6f7w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m494-w24q-6f7w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-m494-w24q-6f7w/GHSA-m494-w24q-6f7w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m494-w24q-6f7w
- Aliases
-
- CVE-2025-59250
- Downstream
- Related
- Published
- 2025-10-14T18:30:35Z
- Modified
- 2025-11-05T17:59:05.560487Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- JDBC Driver for SQL Server has improper input validation issue
- Details
-
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
- Database specific
{ "cwe_ids": [ "CWE-20" ], "github_reviewed": true, "github_reviewed_at": "2025-11-03T14:53:13Z", "nvd_published_at": "2025-10-14T17:16:07Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-59250
- https://github.com/microsoft/mssql-jdbc/pull/2798
- https://github.com/microsoft/mssql-jdbc/pull/2800
- https://github.com/microsoft/mssql-jdbc/pull/2801
- https://github.com/microsoft/mssql-jdbc/pull/2802
- https://github.com/microsoft/mssql-jdbc/pull/2803
- https://github.com/microsoft/mssql-jdbc/pull/2807
- https://github.com/microsoft/mssql-jdbc
- https://github.com/microsoft/mssql-jdbc/blob/main/CHANGELOG.md
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250
Affected packages
Maven
com.microsoft.sqlserver:mssql-jdbc
Package
- Name
- com.microsoft.sqlserver:mssql-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/com.microsoft.sqlserver/mssql-jdbc
Affected versions
6.*
6.1.0.jre7
6.1.0.jre8
6.1.2.jre7-preview
6.1.2.jre8-preview
6.1.3.jre7-preview
6.1.3.jre8-preview
6.1.4.jre7-preview
6.1.4.jre8-preview
6.1.5.jre7-preview
6.1.5.jre8-preview
6.1.6.jre7-preview
6.1.6.jre8-preview
6.1.7.jre7-preview
6.1.7.jre8-preview
6.2.0.jre7
6.2.0.jre8
6.2.1.jre7
6.2.1.jre8
6.2.2.jre7
6.2.2.jre8
6.3.0.jre7-preview
6.3.0.jre8-preview
6.3.1.jre7-preview
6.3.1.jre7-preview-v2
6.3.1.jre8-preview
6.3.1.jre8-preview-v2
6.3.2.jre7-preview
6.3.2.jre8-preview
6.3.3.jre7-preview
6.3.3.jre8-preview
6.3.4.jre7-preview
6.3.4.jre8-preview
6.3.5.jre7-preview
6.3.5.jre8-preview
6.3.6.jre7-preview
6.3.6.jre8-preview
6.4.0.jre7
6.4.0.jre8
6.4.0.jre9
6.5.0.jre8-preview
6.5.0.jre9-preview
6.5.1.jre8-preview
6.5.1.jre9-preview
6.5.2.jre8-preview
6.5.2.jre9-preview
6.5.3.jre8-preview
6.5.3.jre10-preview
6.5.4.jre8-preview
6.5.4.jre10-preview
7.*
7.0.0.jre8
7.0.0.jre10
7.1.0.jre8-preview
7.1.0.jre10-preview
7.1.1.jre8-preview
7.1.1.jre10-preview
7.1.2.jre8-preview
7.1.2.jre11-preview
7.1.3.jre8-preview
7.1.3.jre11-preview
7.1.4.jre8-preview
7.1.4.jre11-preview
7.2.0.jre8
7.2.0.jre11
7.2.1.jre8
7.2.1.jre11
7.2.2.jre8
7.2.2.jre11
7.3.0.jre8-preview
7.3.0.jre11-preview
7.3.1.jre8-preview
7.3.1.jre11-preview
7.3.1.jre12-preview
7.4.0.jre8
7.4.0.jre11
7.4.0.jre12
7.4.1.jre8
7.4.1.jre11
7.4.1.jre12
8.*
8.1.0.jre8-preview
8.1.0.jre11-preview
8.1.0.jre13-preview
8.1.1.jre8
8.1.1.jre8-preview
8.1.1.jre11
8.1.1.jre11-preview
8.1.1.jre13
8.1.1.jre13-preview
8.2.0.jre8
8.2.0.jre11
8.2.0.jre13
8.2.1.jre8
8.2.1.jre11
8.2.1.jre13
8.2.2.jre8
8.2.2.jre11
8.2.2.jre13
8.3.0.jre8-preview
8.3.0.jre11-preview
8.3.0.jre14-preview
8.3.1.jre8-preview
8.3.1.jre11-preview
8.3.1.jre14-preview
8.4.0.jre8
8.4.0.jre11
8.4.0.jre14
8.4.1.jre8
8.4.1.jre11
8.4.1.jre14
9.*
9.1.0.jre8-preview
9.1.0.jre11-preview
9.1.0.jre15-preview
9.1.1.jre8-preview
9.1.1.jre11-preview
9.1.1.jre15-preview
9.2.0.jre8
9.2.0.jre11
9.2.0.jre15
9.2.1.jre8
9.2.1.jre11
9.2.1.jre15
9.3.0.jre8-preview
9.3.0.jre11-preview
9.3.0.jre15-preview
9.3.1.jre8-preview
9.3.1.jre11-preview
9.3.1.jre15-preview
9.4.0.jre8
9.4.0.jre11
9.4.0.jre16
9.4.1.jre8
9.4.1.jre8-preview
9.4.1.jre11
9.4.1.jre11-preview
9.4.1.jre16
9.4.1.jre16-preview
9.5.0-SNAPSHOT.jre8-preview
9.5.0-SNAPSHOT.jre11-preview
9.5.0-SNAPSHOT.jre17-preview
9.5.0.jre8-preview
9.5.0.jre11-preview
9.5.0.jre17-preview
10.*
10.1.0.jre8-preview
10.1.0.jre11-preview
10.1.0.jre17-preview
10.2.0-SNAPSHOT.jre8-preview
10.2.0-SNAPSHOT.jre11-preview
10.2.0-SNAPSHOT.jre17-preview
10.2.0.jre8
10.2.0.jre11
10.2.0.jre17
10.2.1.jre8
10.2.1.jre11
10.2.1.jre17
10.2.2.jre8
10.2.2.jre8-preview
10.2.2.jre11
10.2.2.jre11-preview
10.2.2.jre17
10.2.2.jre17-preview
10.2.3.jre8
10.2.3.jre11
10.2.3.jre17
10.2.4.jre8
com.microsoft.sqlserver:mssql-jdbc
Package
- Name
- com.microsoft.sqlserver:mssql-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/com.microsoft.sqlserver/mssql-jdbc
com.microsoft.sqlserver:mssql-jdbc
Package
- Name
- com.microsoft.sqlserver:mssql-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/com.microsoft.sqlserver/mssql-jdbc
com.microsoft.sqlserver:mssql-jdbc
Package
- Name
- com.microsoft.sqlserver:mssql-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/com.microsoft.sqlserver/mssql-jdbc
com.microsoft.sqlserver:mssql-jdbc
Package
- Name
- com.microsoft.sqlserver:mssql-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/com.microsoft.sqlserver/mssql-jdbc
com.microsoft.sqlserver:mssql-jdbc
Package
- Name
- com.microsoft.sqlserver:mssql-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/com.microsoft.sqlserver/mssql-jdbc
com.microsoft.sqlserver:mssql-jdbc
Package
- Name
- com.microsoft.sqlserver:mssql-jdbc
- View open source insights on deps.dev
- Purl
- pkg:maven/com.microsoft.sqlserver/mssql-jdbc