1+ {
2+ "schema_version" : " 1.4.0"
3+ "id" : " GHSA-m494-w24q-6f7w"
4+ "modified" : " 2025-11-03T14:53:14Z"
5+ "published" : " 2025-10-14T18:30:35Z"
6+ "aliases" : [
7+ " CVE-2025-59250"
8+ ],
9+ "summary" : " JDBC Driver for SQL Server has improper input validation issue"
10+ "details" : " Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network."
11+ "severity" : [
12+ {
13+ "type" : " CVSS_V3"
14+ "score" : " CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
15+ }
16+ ],
17+ "affected" : [
18+ {
19+ "package" : {
20+ "ecosystem" : " Maven"
21+ "name" : " com.microsoft.sqlserver:mssql-jdbc"
22+ },
23+ "ranges" : [
24+ {
25+ "type" : " ECOSYSTEM"
26+ "events" : [
27+ {
28+ "introduced" : " 0.2.0-SNAPSHOT.jre8-preview"
29+ },
30+ {
31+ "fixed" : " 10.2.4.jre8"
32+ }
33+ ]
34+ }
35+ ]
36+ },
37+ {
38+ "package" : {
39+ "ecosystem" : " Maven"
40+ "name" : " com.microsoft.sqlserver:mssql-jdbc"
41+ },
42+ "ranges" : [
43+ {
44+ "type" : " ECOSYSTEM"
45+ "events" : [
46+ {
47+ "introduced" : " 11.2.0.jre8"
48+ },
49+ {
50+ "fixed" : " 11.2.4.jre8"
51+ }
52+ ]
53+ }
54+ ]
55+ },
56+ {
57+ "package" : {
58+ "ecosystem" : " Maven"
59+ "name" : " com.microsoft.sqlserver:mssql-jdbc"
60+ },
61+ "ranges" : [
62+ {
63+ "type" : " ECOSYSTEM"
64+ "events" : [
65+ {
66+ "introduced" : " 12.2.0.jre8"
67+ },
68+ {
69+ "fixed" : " 12.2.1.jre8"
70+ }
71+ ]
72+ }
73+ ]
74+ },
75+ {
76+ "package" : {
77+ "ecosystem" : " Maven"
78+ "name" : " com.microsoft.sqlserver:mssql-jdbc"
79+ },
80+ "ranges" : [
81+ {
82+ "type" : " ECOSYSTEM"
83+ "events" : [
84+ {
85+ "introduced" : " 12.6.0.jre8"
86+ },
87+ {
88+ "fixed" : " 12.6.5.jre8"
89+ }
90+ ]
91+ }
92+ ]
93+ },
94+ {
95+ "package" : {
96+ "ecosystem" : " Maven"
97+ "name" : " com.microsoft.sqlserver:mssql-jdbc"
98+ },
99+ "ranges" : [
100+ {
101+ "type" : " ECOSYSTEM"
102+ "events" : [
103+ {
104+ "introduced" : " 12.8.0.jre8"
105+ },
106+ {
107+ "fixed" : " 12.8.2.jre8"
108+ }
109+ ]
110+ }
111+ ]
112+ },
113+ {
114+ "package" : {
115+ "ecosystem" : " Maven"
116+ "name" : " com.microsoft.sqlserver:mssql-jdbc"
117+ },
118+ "ranges" : [
119+ {
120+ "type" : " ECOSYSTEM"
121+ "events" : [
122+ {
123+ "introduced" : " 12.10.0.jre8"
124+ },
125+ {
126+ "fixed" : " 12.10.2.jre8"
127+ }
128+ ]
129+ }
130+ ]
131+ },
132+ {
133+ "package" : {
134+ "ecosystem" : " Maven"
135+ "name" : " com.microsoft.sqlserver:mssql-jdbc"
136+ },
137+ "ranges" : [
138+ {
139+ "type" : " ECOSYSTEM"
140+ "events" : [
141+ {
142+ "introduced" : " 13.2.0.jre8"
143+ },
144+ {
145+ "fixed" : " 13.2.1.jre8"
146+ }
147+ ]
148+ }
149+ ]
150+ }
151+ ],
152+ "references" : [
153+ {
154+ "type" : " ADVISORY"
155+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2025-59250"
156+ },
157+ {
158+ "type" : " WEB"
159+ "url" : " https://github.com/microsoft/mssql-jdbc/pull/2798"
160+ },
161+ {
162+ "type" : " WEB"
163+ "url" : " https://github.com/microsoft/mssql-jdbc/pull/2800"
164+ },
165+ {
166+ "type" : " WEB"
167+ "url" : " https://github.com/microsoft/mssql-jdbc/pull/2801"
168+ },
169+ {
170+ "type" : " WEB"
171+ "url" : " https://github.com/microsoft/mssql-jdbc/pull/2802"
172+ },
173+ {
174+ "type" : " WEB"
175+ "url" : " https://github.com/microsoft/mssql-jdbc/pull/2803"
176+ },
177+ {
178+ "type" : " WEB"
179+ "url" : " https://github.com/microsoft/mssql-jdbc/pull/2807"
180+ },
181+ {
182+ "type" : " PACKAGE"
183+ "url" : " https://github.com/microsoft/mssql-jdbc"
184+ },
185+ {
186+ "type" : " WEB"
187+ "url" : " https://github.com/microsoft/mssql-jdbc/blob/main/CHANGELOG.md"
188+ },
189+ {
190+ "type" : " WEB"
191+ "url" : " https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250"
192+ }
193+ ],
194+ "database_specific" : {
195+ "cwe_ids" : [
196+ " CWE-20"
197+ ],
198+ "severity" : " HIGH"
199+ "github_reviewed" : true ,
200+ "github_reviewed_at" : " 2025-11-03T14:53:13Z"
201+ "nvd_published_at" : " 2025-10-14T17:16:07Z"
202+ }
203+ }
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments