Microsoft on Tuesday announced security fixes for 130 vulnerabilities across its products, including a previously disclosed SQL Server bug.
Tracked as CVE-2025-49719 (CVSS score of 7.5), the already disclosed SQL Server flaw is described as an improper input validation issue that could allow unauthenticated attackers to leak information over the network.
According to Microsoft, the security defect has not been exploited as a zero-day, but it was publicly disclosed before patches were released.
https://www.securityweek.com/microsoft- ... h-tuesday/