CVE-2023-32025: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
First published: Thu Jun 15 2023(Updated: )
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft ODBC Driver 18 for SQL Server | ||
| Microsoft ODBC Driver 17 for SQL Server | ||
| Microsoft ODBC Driver 17 for SQL Server | ||
| Microsoft ODBC Driver 18 for SQL Server | ||
| Microsoft ODBC Driver 18 for SQL Server | ||
| Microsoft ODBC Driver 17 for SQL Server | ||
| Microsoft SQL Server 2022 | ||
| Microsoft SQL Server 2019 | ||
| Microsoft Visual Studio 2019 | =16.11 | |
| Visual Studio Professional 2022 | =17.2 | |
| Visual Studio Professional 2022 | =17.6 | |
| Visual Studio Professional 2022 | =17.8 | |
| Microsoft ODBC Driver 13 for SQL Server | >=17.0.1.1<17.10.4.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=17.0.1.1<17.10.4.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=17.0.1.1<17.10.4.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=18.0.1.1<18.2.1.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=18.0.1.1<18.2.1.1 | |
| Microsoft ODBC Driver 13 for SQL Server | >=18.0.1.1<18.2.1.1 | |
| Microsoft SQL Server | =2019 | |
| Microsoft SQL Server | =2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-32025?
The severity of CVE-2023-32025 is high with a CVSS score of 7.8.
How does CVE-2023-32025 impact Microsoft ODBC Driver for SQL Server?
CVE-2023-32025 allows remote code execution in the Microsoft ODBC Driver for SQL Server.
Which versions of Microsoft ODBC Driver for SQL Server are affected by CVE-2023-32025?
Microsoft ODBC Driver 18 for SQL Server on Linux and MacOS, ODBC Driver 17 for SQL Server on Linux and Windows, and ODBC Driver 18 for SQL Server on Windows are affected by CVE-2023-32025.
How can I fix CVE-2023-32025 in the affected Microsoft ODBC Driver for SQL Server versions?
To fix CVE-2023-32025 in the affected Microsoft ODBC Driver for SQL Server versions, you can apply the appropriate patches provided by Microsoft.
Where can I find more information about CVE-2023-32025?
You can find more information about CVE-2023-32025 on the Microsoft Security Response Center website.
- agent/type
- agent/first-publish-date
- collector/msrc
- source/Microsoft
- collector/msrc-cve
- agent/remedy
- agent/severity
- agent/title
- agent/references
- agent/description
- agent/event
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/microsoft odbc driver 18 for sql server
- canonical/microsoft odbc driver 17 for sql server
- canonical/microsoft sql server 2022
- canonical/microsoft sql server 2019
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.11
- canonical/visual studio professional 2022
- version/visual studio professional 2022/17.2
- version/visual studio professional 2022/17.6
- version/visual studio professional 2022/17.4
- version/visual studio professional 2022/17.8
- canonical/microsoft odbc driver 13 for sql server
- version/microsoft odbc driver 13 for sql server/17.0.1.1
- version/microsoft odbc driver 13 for sql server/18.0.1.1
- canonical/microsoft sql server
- version/microsoft sql server/2019
- version/microsoft sql server/2022