Microsoft SQL Server, SQL injection enabling network privilege escalation

Overview

CVE-2025-59499 is an SQL injection vulnerability (CWE-89) in Microsoft SQL Server, caused by improper neutralization of special elements used in an SQL command. An attacker who already holds limited but legitimate access to a SQL Server instance can craft input that is concatenated into a server-side SQL statement without proper sanitisation, causing the database engine to execute attacker-controlled SQL in a more privileged context. The result is privilege escalation within the database, up to sysadmin-equivalent rights, performed remotely over the network. Microsoft rated the issue Important with a CVSS 3.1 base score of 8.8. Microsoft's assessment is that exploitation is less likely, no public exploit or in-the-wild activity has been reported, and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog.

The vulnerability was disclosed and patched in the November 2025 Patch Tuesday cycle. It affects the supported SQL Server product line (2016, 2017, 2019, and 2022), and the risk is highest for instances reachable by lower-trust principals, application service accounts, multi-tenant databases, or hosts exposed to less-trusted networks.

Technical Details

SQL injection occurs when untrusted input is incorporated into a SQL statement as code rather than as data. In a server-side context such as a stored procedure, view, or other T-SQL routine that builds and executes dynamic SQL via concatenation, an authenticated principal can embed SQL metacharacters that break out of the intended statement and append their own logic. Because the injected statement executes with the privileges of the vulnerable routine or under an EXECUTE AS / ownership-chaining context, an attacker with low database privileges can have their SQL run effectively as a higher-privileged principal, the classic path being to grant themselves the sysadmin server role or otherwise escalate.

The CVSS vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H captures the model: the attack is over the network (AV:N) against the SQL Server's listening endpoint, requires low privileges (PR:L) because the attacker must be able to authenticate and submit queries, needs no user interaction (UI:N), and on success fully compromises the database's confidentiality, integrity, and availability (C:H/I:H/A:H). The network vector and 8.8 score reflect that any account able to talk SQL to the instance is a potential launch point.

Impact

• Escalation from a low-privileged database login to high or sysadmin-equivalent privileges within the affected SQL Server instance.
• Unauthorised read and modification of all databases on the instance, including the ability to alter, exfiltrate, or destroy data.
• Potential pivot beyond the database where the service account or linked servers grant access to other systems.
• Network-reachable exploitation by any authenticated principal, raising risk for application-fronted databases, multi-tenant environments, and instances exposed to broad internal or external networks.

Mitigation

1. Apply the November 2025 SQL Server security update for your branch. Confirmed packages include KB5068404 (SQL Server 2019 CU32 + GDR) and KB5068406 (SQL Server 2022 CU21 + GDR); for SQL Server 2017 and 2016, install the corresponding November 2025 GDR or CU+GDR package listed in the MSRC advisory for CVE-2025-59499.
2. Match the update channel to your servicing model: apply the GDR package if the instance is on a GDR-only branch, or the CU + GDR package if it is on the cumulative-update branch, then confirm the product version advanced to the patched build (for example SQL Server 2022 to the 16.0.4215.x / CU21 level).
3. Restart the SQL Server service if the update does not do so automatically, and verify via SELECT @@VERSION that the patched build is running.
4. Enforce least privilege on database logins and application service accounts so a compromised low-privileged principal has the smallest possible blast radius, and review membership of the sysadmin and other high-privilege server roles.
5. As defence in depth, ensure application code uses parameterised queries and review server-side dynamic SQL for unsafe concatenation; restrict network access to the SQL Server listener (firewall rules, no direct internet exposure) so only trusted hosts can reach it.

Detection

With no public exploit and an exploitation-less-likely rating, detection relies on database auditing and anomaly hunting rather than a known indicator. Enable SQL Server Audit (or Extended Events) to log privilege-changing operations and review them continuously: alert on ALTER SERVER ROLE ... ADD MEMBER and sp_addsrvrolemember calls that add a login to the sysadmin or other high-privilege role, on GRANT of server-level permissions such as CONTROL SERVER, and on new login creation (CREATE LOGIN) by accounts that are not legitimate administrators. An ordinary application or reporting login suddenly granting itself elevated roles is the signature behaviour to catch.

Instrument for the injection itself. Server-side and application logs that capture executed statements can be mined for SQL injection patterns, stacked queries separated by semicolons, comment sequences, UNION constructs, or metacharacters appearing in parameters that should be plain data. Web application firewalls and database activity monitoring (DAM) products can flag anomalous query structures and unexpected use of dynamic SQL; tune them to the application's normal query shapes so deviations stand out.

Baseline normal access and alert on deviations: a login querying tables or invoking procedures it has never touched, a spike in error responses (injection probing often generates conversion or syntax errors), or queries arriving from an unusual host or at an unusual time. SQL Server error-log entries for permission and conversion failures clustered around a single login are a useful early signal of probing.

Finally, fold patch state and configuration into detection. Run authenticated scans (Tenable, Qualys, and similar ship plugins keyed to KB5068404 / KB5068406) to find instances still on a vulnerable build, and inventory which logins and applications can reach each instance over the network. Correlate any privilege-escalation audit event with the originating login, host, and recent query history so an analyst can quickly distinguish legitimate administration from abuse, since the exploit's end state, an unexpectedly elevated login, is exactly what disciplined auditing is designed to surface.