Vulnerability Details CVE-2025-47954
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.9%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-47954
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1000.6
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1050.5
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1105.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1110.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1115.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1121.4
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1125.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1130.5
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1135.2
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.1140.6
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4003.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4015.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4025.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4035.4
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4045.3
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4055.4
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4065.3
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4075.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4080.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4085.2
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4095.4
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4100.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4105.2
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4115.5
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4120.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4125.3
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4131.2
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4135.4
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4140.3
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4150.1
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4155.4
-
cpe:2.3:a:microsoft:sql_server_2022:16.0.4200.1