CVE-2025-59250: JDBC Driver for SQL Server has an improper input validation issue
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
References
- github.com/advisories/GHSA-m494-w24q-6f7w
- github.com/microsoft/mssql-jdbc
- github.com/microsoft/mssql-jdbc/blob/main/CHANGELOG.md
- github.com/microsoft/mssql-jdbc/commit/9732e1bbc6ec44166fda2cddab31ce1c86c873dd
- github.com/microsoft/mssql-jdbc/pull/2798
- github.com/microsoft/mssql-jdbc/pull/2800
- github.com/microsoft/mssql-jdbc/pull/2801
- github.com/microsoft/mssql-jdbc/pull/2802
- github.com/microsoft/mssql-jdbc/pull/2803
- github.com/microsoft/mssql-jdbc/pull/2807
- learn.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrix
- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250
- nvd.nist.gov/vuln/detail/CVE-2025-59250