KB5065222: Fixes improper input validation that occurs during internal temporal history table cleanup
SQL Server 2019Microsoft
Update from:KB5065222 - Description of the security update for SQL Server 2019 CU32: September 9, 2025
Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:
- CVE-2025-47997 - Microsoft SQL Server Information Disclosure Vulnerability
- CVE-2025-55227 - Microsoft SQL Server Elevation of Privilege Vulnerability
- CVE-2024-21907 - Improper Handling of Exceptional Conditions in Newtonsoft.Json
The Microsoft SQL Server components are updated to the following builds in this security update:
- SQL Server - product version: 15.0.4445.1, file version: 2019.150.4445.1
Improvements and fixes included in this update
A downloadable Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists
- Bug Reference: 4248592
Description: Upgrade Newtonsoft.json.dll version to 13.0.1 on SSIS to fix vulnerability (CVE-2024-21907).
Fix Area: Integration Services
Component: Integration Services
Platform: Windows - Bug Reference: 4535847
Description: Upgrade Newtonsoft.json.dll version to 13.0.1 on MDS to fix vulnerability (CVE-2024-21907).
Fix Area: Master Data Services
Component: Master Data Services
Platform: Windows - Bug Reference: 4519081
Description: Fixes an issue in which DMVs are used in specific scenarios to inspect the text of statements that are running in other sessions and might contain sensitive data.
Fix Area: SQL Server Engine
Component: Programmability
Platform: Linux, Windows - Bug Reference: 4537457
Description: Fixes improper input validation that occurs during internal temporal history table cleanup and that enables attackers to run SQL code by having elevated privileges.
Fix Area: SQL Server Engine
Component: Temporal
Platform: Linux, Windows
