Base Score

HIGH8.1

CVE-2025-59250

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

VectorNETWORK

Published Bysecure@microsoft.com

Published DateOct 14, 2025, 17:16

Affected Versions(7)

com.microsoft.sqlserver:mssql-jdbc(Maven)

Introduced8.3.0.jre11-preview

Fixed10.2.4.jre11

LimitN/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

Introduced11.2.0.jre11

Fixed11.2.4.jre11

LimitN/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

Introduced12.2.0.jre11

Fixed12.2.1.jre11

LimitN/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

Introduced12.6.0.jre11

Fixed12.6.5.jre11

LimitN/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

Introduced12.8.0.jre11

Fixed12.8.2.jre11

LimitN/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

Introduced12.10.0.jre11

Fixed12.10.2.jre11

LimitN/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

Introduced13.2.0.jre11

Fixed13.2.1.jre11

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
com.microsoft.sqlserver:mssql-jdbc(Maven)	8.3.0.jre11-preview	10.2.4.jre11	N/A
com.microsoft.sqlserver:mssql-jdbc(Maven)	11.2.0.jre11	11.2.4.jre11	N/A
com.microsoft.sqlserver:mssql-jdbc(Maven)	12.2.0.jre11	12.2.1.jre11	N/A
com.microsoft.sqlserver:mssql-jdbc(Maven)	12.6.0.jre11	12.6.5.jre11	N/A
com.microsoft.sqlserver:mssql-jdbc(Maven)	12.8.0.jre11	12.8.2.jre11	N/A
com.microsoft.sqlserver:mssql-jdbc(Maven)	12.10.0.jre11	12.10.2.jre11	N/A
com.microsoft.sqlserver:mssql-jdbc(Maven)	13.2.0.jre11	13.2.1.jre11	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250

Base Score

HIGH8.1

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

Package (Ecosystem)

Introduced

Fixed

Limit

com.microsoft.sqlserver:mssql-jdbc(Maven)

8.3.0.jre11-preview

10.2.4.jre11

N/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

11.2.0.jre11

11.2.4.jre11

N/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

12.2.0.jre11

12.2.1.jre11

N/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

12.6.0.jre11

12.6.5.jre11

N/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

12.8.0.jre11

12.8.2.jre11

N/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

12.10.0.jre11

12.10.2.jre11

N/A

com.microsoft.sqlserver:mssql-jdbc(Maven)

13.2.0.jre11

13.2.1.jre11

N/A