As of July 8, 2025, there is no publicly available information regarding a vulnerability identified as CVE-2025-49719 affecting Microsoft SQL Server. It's possible that this CVE has not been disclosed or does not exist.
However, several remote code execution vulnerabilities have been identified in Microsoft SQL Server in recent years. For instance, CVE-2024-49021, disclosed in November 2024, allows attackers to execute arbitrary code on the server by sending specially crafted SQL queries. This vulnerability affects multiple versions of Microsoft SQL Server, including 2016, 2017, 2019, and 2022.
Another example is CVE-2024-28909, disclosed in April 2024, which affects the Microsoft OLE DB Driver for SQL Server. An attacker could exploit this vulnerability by tricking an authenticated user into connecting to a malicious SQL server via OLEDB, potentially leading to remote code execution on the client.
To protect your systems, it's crucial to regularly apply security updates provided by Microsoft. For instance, in July 2024, Microsoft released security updates addressing multiple vulnerabilities in SQL Server, including remote code execution issues.
For the most accurate and up-to-date information on vulnerabilities and patches, refer to Microsoft's official security update guide.
Source: MSRC Security Update Guide - Microsoft Security Response Center