KB5068405: This update resolves an issue in SQL Server Analysis Services

KB5068405 - Description of the security update for SQL Server 2019 GDR: November 11, 2025

Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

• CVE-2025-59499 - Microsoft SQL Server Elevation of Privilege Vulnerability​​​​​​​

The Microsoft SQL Server components are updated to the following builds in this security update:

• SQL Server - product version: 15.0.2155.2, file version: 2019.150.2155.2
  Improvements and fixes included in this update
  A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available.

Bug Ref: 4653538

• This update resolves an issue in SQL Server Analysis Services in which Row-Level Security (RLS) filters could be skipped when combined with Object-Level Security (OLS) and Column-Level Security (CLS) in certain multi-role configurations. This issue occurs only under rare and contradictory setups (for example, a role that grants table-level read permission while it restricts all columns, combined with other similar restrictive roles). The fix ensures that RLS is consistently applied in all scenarios.

Bug Ref: 4711192

• This hotfix addresses a SQL injection vulnerability in an internal backup stored procedure that was inadvertently exposed to all users. The hotfix restricts unauthorized access and mitigates the risk by correctly sanitizing input parameters.