High severityNVD Advisory· Published Oct 14, 2025· Updated Feb 26, 2026
JDBC Driver for SQL Server Spoofing Vulnerability
CVE-2025-59250
Description
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.microsoft.sqlserver:mssql-jdbcMaven | >= 8.3.0.jre11-preview, < 10.2.4.jre11 | 10.2.4.jre11 |
com.microsoft.sqlserver:mssql-jdbcMaven | >= 11.2.0.jre11, < 11.2.4.jre11 | 11.2.4.jre11 |
com.microsoft.sqlserver:mssql-jdbcMaven | >= 12.2.0.jre11, < 12.2.1.jre11 | 12.2.1.jre11 |
com.microsoft.sqlserver:mssql-jdbcMaven | >= 12.6.0.jre11, < 12.6.5.jre11 | 12.6.5.jre11 |
com.microsoft.sqlserver:mssql-jdbcMaven | >= 12.8.0.jre11, < 12.8.2.jre11 | 12.8.2.jre11 |
com.microsoft.sqlserver:mssql-jdbcMaven | >= 12.10.0.jre11, < 12.10.2.jre11 | 12.10.2.jre11 |
com.microsoft.sqlserver:mssql-jdbcMaven | >= 13.2.0.jre11, < 13.2.1.jre11 | 13.2.1.jre11 |
Affected products
203- osv-coords195 versionspkg:apk/chainguard/apache-hoppkg:apk/chainguard/apache-hop-fipspkg:apk/chainguard/apicurio-registrypkg:apk/chainguard/apicurio-registry-nginx-configpkg:apk/chainguard/apicurio-registry-uipkg:apk/chainguard/dependency-trackpkg:apk/chainguard/dependency-track-bundledpkg:apk/chainguard/flywaypkg:apk/chainguard/hadoop-fips-3.3.6pkg:apk/chainguard/hadoop-fips-3.3.6-compatpkg:apk/chainguard/hadoop-fips-3.3.6-devpkg:apk/chainguard/hadoop-fips-3.3.6-m2pkg:apk/chainguard/keycloak-26.2pkg:apk/chainguard/keycloak-26.2-bitnami-compatpkg:apk/chainguard/keycloak-26.2-compatpkg:apk/chainguard/keycloak-26.2-iamguarded-compatpkg:apk/chainguard/keycloak-26.3pkg:apk/chainguard/keycloak-26.3-bitnami-compatpkg:apk/chainguard/keycloak-26.3-compatpkg:apk/chainguard/keycloak-26.3-iamguarded-compatpkg:apk/chainguard/keycloak-26.4pkg:apk/chainguard/keycloak-26.4-compatpkg:apk/chainguard/keycloak-26.4-iamguarded-compatpkg:apk/chainguard/keycloak-26.4-operatorpkg:apk/chainguard/keycloak-26.4-operator-compatpkg:apk/chainguard/keycloak-fips-26.2pkg:apk/chainguard/keycloak-fips-26.2-bitnami-fipspkg:apk/chainguard/keycloak-fips-26.2-iamguarded-fipspkg:apk/chainguard/keycloak-fips-26.3pkg:apk/chainguard/keycloak-fips-26.3-bitnami-fipspkg:apk/chainguard/keycloak-fips-26.3-iamguarded-fipspkg:apk/chainguard/keycloak-fips-26.3-operatorpkg:apk/chainguard/keycloak-fips-26.3-operator-compatpkg:apk/chainguard/keycloak-fips-26.4pkg:apk/chainguard/keycloak-fips-26.4-iamguarded-fipspkg:apk/chainguard/keycloak-fips-26.4-operatorpkg:apk/chainguard/keycloak-fips-26.4-operator-compatpkg:apk/chainguard/sonarqubepkg:apk/chainguard/sonarqube-docker-compatpkg:apk/chainguard/sonarqube-scriptspkg:apk/chainguard/tezpkg:apk/chainguard/trinopkg:apk/chainguard/trino-configpkg:apk/chainguard/trino-oci-entrypointpkg:apk/chainguard/trino-plugin-accumulopkg:apk/chainguard/trino-plugin-ai-functionspkg:apk/chainguard/trino-plugin-atoppkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-duckdbpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-example-httppkg:apk/chainguard/trino-plugin-exasolpkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-fakerpkg:apk/chainguard/trino-plugin-functions-pythonpkg:apk/chainguard/trino-plugin-geospatialpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-http-server-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kafka-event-listenerpkg:apk/chainguard/trino-plugin-kinesispkg:apk/chainguard/trino-plugin-kudupkg:apk/chainguard/trino-plugin-lakehousepkg:apk/chainguard/trino-plugin-ldap-group-providerpkg:apk/chainguard/trino-plugin-local-filepkg:apk/chainguard/trino-plugin-lokipkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mlpkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-mysql-event-listenerpkg:apk/chainguard/trino-plugin-opapkg:apk/chainguard/trino-plugin-openlineagepkg:apk/chainguard/trino-plugin-opensearchpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-phoenix5pkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-rangerpkg:apk/chainguard/trino-plugin-raptor-legacypkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-snowflakepkg:apk/chainguard/trino-plugin-spooling-filesystempkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-teradata-functionspkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/chainguard/trino-plugin-verticapkg:apk/wolfi/apicurio-registrypkg:apk/wolfi/apicurio-registry-nginx-configpkg:apk/wolfi/apicurio-registry-uipkg:apk/wolfi/dependency-trackpkg:apk/wolfi/dependency-track-bundledpkg:apk/wolfi/flywaypkg:apk/wolfi/keycloak-26.3pkg:apk/wolfi/keycloak-26.3-bitnami-compatpkg:apk/wolfi/keycloak-26.3-compatpkg:apk/wolfi/keycloak-26.3-iamguarded-compatpkg:apk/wolfi/keycloak-26.4pkg:apk/wolfi/keycloak-26.4-compatpkg:apk/wolfi/keycloak-26.4-iamguarded-compatpkg:apk/wolfi/keycloak-26.4-operatorpkg:apk/wolfi/keycloak-26.4-operator-compatpkg:apk/wolfi/sonarqubepkg:apk/wolfi/sonarqube-docker-compatpkg:apk/wolfi/sonarqube-scriptspkg:apk/wolfi/tezpkg:apk/wolfi/trinopkg:apk/wolfi/trino-configpkg:apk/wolfi/trino-oci-entrypointpkg:apk/wolfi/trino-plugin-accumulopkg:apk/wolfi/trino-plugin-ai-functionspkg:apk/wolfi/trino-plugin-atoppkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-duckdbpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-example-httppkg:apk/wolfi/trino-plugin-exasolpkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-fakerpkg:apk/wolfi/trino-plugin-functions-pythonpkg:apk/wolfi/trino-plugin-geospatialpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-http-server-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kafka-event-listenerpkg:apk/wolfi/trino-plugin-kinesispkg:apk/wolfi/trino-plugin-kudupkg:apk/wolfi/trino-plugin-lakehousepkg:apk/wolfi/trino-plugin-ldap-group-providerpkg:apk/wolfi/trino-plugin-local-filepkg:apk/wolfi/trino-plugin-lokipkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mlpkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-mysql-event-listenerpkg:apk/wolfi/trino-plugin-opapkg:apk/wolfi/trino-plugin-openlineagepkg:apk/wolfi/trino-plugin-opensearchpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-phoenix5pkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-rangerpkg:apk/wolfi/trino-plugin-raptor-legacypkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-snowflakepkg:apk/wolfi/trino-plugin-spooling-filesystempkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-teradata-functionspkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:apk/wolfi/trino-plugin-verticapkg:maven/com.microsoft.sqlserver/mssql-jdbc
< 2.15.0-r14+ 194 more
- (no CPE)range: < 2.15.0-r14
- (no CPE)range: < 2.15.0-r16
- (no CPE)range: < 3.1.4-r2
- (no CPE)range: < 3.1.4-r2
- (no CPE)range: < 3.1.4-r2
- (no CPE)range: < 4.13.6-r0
- (no CPE)range: < 0
- (no CPE)range: < 11.15.0-r1
- (no CPE)range: < 3.3.6-r15
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 26.3.5-r4
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 26.3.5-r4
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 26.4.2-r0
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 26.4.2-r0
- (no CPE)range: < 26.4.2-r0
- (no CPE)range: < 26.2.5-r9
- (no CPE)range: < 0
- (no CPE)range: < 26.2.5-r9
- (no CPE)range: < 26.3.5-r4
- (no CPE)range: < 0
- (no CPE)range: < 26.3.5-r4
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.10.5-r7
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 3.1.4-r2
- (no CPE)range: < 3.1.4-r2
- (no CPE)range: < 3.1.4-r2
- (no CPE)range: < 4.13.6-r0
- (no CPE)range: < 0
- (no CPE)range: < 11.15.0-r1
- (no CPE)range: < 26.3.5-r4
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 26.3.5-r4
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 26.4.2-r0
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 26.4.2-r0
- (no CPE)range: < 26.4.2-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.10.5-r7
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 0
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: < 478-r2
- (no CPE)range: >= 8.3.0.jre11-preview, < 10.2.4.jre11
- Microsoft/Microsoft JDBC Driver for SQL Server 10.2v5Range: 1.0.0
- Microsoft/Microsoft JDBC Driver for SQL Server 11.2v5Range: 1.0.0
- Microsoft/Microsoft JDBC Driver for SQL Server 12.10v5Range: 1.0.0
- Microsoft/Microsoft JDBC Driver for SQL Server 12.2v5Range: 1.0.0
- Microsoft/Microsoft JDBC Driver for SQL Server 12.4v5Range: 1.0.0
- Microsoft/Microsoft JDBC Driver for SQL Server 12.6v5Range: 1.0.0
- Microsoft/Microsoft JDBC Driver for SQL Server 12.8v5Range: 1.0.0
- Microsoft/Microsoft JDBC Driver for SQL Server 13.2v5Range: 1.0.0
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-m494-w24q-6f7wghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250ghsavendor-advisorypatchWEB
- nvd.nist.gov/vuln/detail/CVE-2025-59250ghsaADVISORY
- github.com/microsoft/mssql-jdbc/blob/main/CHANGELOG.mdghsaWEB
- github.com/microsoft/mssql-jdbc/commit/9732e1bbc6ec44166fda2cddab31ce1c86c873ddghsaWEB
- github.com/microsoft/mssql-jdbc/pull/2798ghsaWEB
- github.com/microsoft/mssql-jdbc/pull/2800ghsaWEB
- github.com/microsoft/mssql-jdbc/pull/2801ghsaWEB
- github.com/microsoft/mssql-jdbc/pull/2802ghsaWEB
- github.com/microsoft/mssql-jdbc/pull/2803ghsaWEB
- github.com/microsoft/mssql-jdbc/pull/2807ghsaWEB
- learn.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrixghsaWEB
News mentions
0No linked articles in our index yet.