KB5065223: Upgrade Newtonsoft.json.dll version to 13.0.1 on SSIS to fix
SQL Server 2019Microsoft
Update from:KB5065223 - Description of the security update for SQL Server 2019 GDR: September 9, 2025
Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:
- CVE-2025-47997 - Microsoft SQL Server Information Disclosure Vulnerability
- CVE-2025-55227 - Microsoft SQL Server Elevation of Privilege Vulnerability
- CVE-2024-21907 - Improper Handling of Exceptional Conditions in Newtonsoft.Json
The Microsoft SQL Server components are updated to the following builds in this security update:
- SQL Server - product version: 15.0.2145.1, file version: 2019.150.2145.1
Improvements and fixes included in this update
A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists.
- Bug Reference: 4453063
Description: Upgrade Newtonsoft.json.dll version to 13.0.1 on SSIS to fix vulnerability (CVE-2024-21907)
Fix Area: Integration Services
Component: Integration Services
Platform: Windows - Bug Reference: 4535883
Description: Upgrade Newtonsoft.json.dll version to 13.0.1 on SSIS to fix vulnerability (CVE-2024-21907)
Fix Area: Master Data Services
Component: Master Data Services
Platform: Windows - Bug Reference: 4519083
Description: Fixes an issue in which DMVs are used in specific scenarios to inspect the text of statements that are running in other sessions and might contain sensitive data.
Fix Area: SQL Server Engine
Component: Programmability
Platform: Linux, Windows - Bug Reference: 4537468
Description: Fixes improper input validation that occurs during internal temporal history table cleanup and that enables attackers to run SQL code by having elevated privileges.
Fix Area: SQL Server Engine
Component: Temporal
Platform: Linux, Windows
