CVE-2025-59250
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-30
Assigner: Microsoft Corporation
Description
Description
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | jdbc_driver_for_sql_server | From 10.2.0 (inc) to 10.2.4 (exc) |
| microsoft | jdbc_driver_for_sql_server | From 11.2.0 (inc) to 11.2.4 (exc) |
| microsoft | jdbc_driver_for_sql_server | From 12.2.0 (inc) to 12.2.1 (exc) |
| microsoft | jdbc_driver_for_sql_server | From 12.4.0 (inc) to 12.4.3 (exc) |
| microsoft | jdbc_driver_for_sql_server | From 12.6.0 (inc) to 12.6.5 (exc) |
| microsoft | jdbc_driver_for_sql_server | From 12.8.0 (inc) to 12.8.2 (exc) |
| microsoft | jdbc_driver_for_sql_server | From 12.10.0 (inc) to 12.10.2 (exc) |
| microsoft | jdbc_driver_for_sql_server | From 13.2.0 (inc) to 13.2.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
