Patch tracker / Products / Microsoft SQL Server 2025 (CU4)
Microsoft SQL Server 2025 (CU4): vulnerabilities and security updates
Every CVE affecting Microsoft SQL Server 2025 (CU4) and the Microsoft update (KB) that fixes it, ranked by real-world risk. Actively exploited (CISA KEV) first, then EPSS exploit probability, on top of CVSS severity.
CVEs
1
Updates (KBs)
10
Actively exploited (KEV)
0
Critical Severity
0
CVEs affecting Microsoft SQL Server 2025 (CU4)
| CVE | Severity | CVSS | EPSS | Status |
|---|---|---|---|---|
| CVE-2026-40370 | High | 8.8 | 0.6% | - |
Updates (KBs) for Microsoft SQL Server 2025 (CU4)
| Update | Released | Severity | CVSS | EPSS | CVEs | Status |
|---|---|---|---|---|---|---|
| KB5089270 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5089271 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5089899 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5089900 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5090347 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5090354 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5090407 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5090408 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5091158 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
| KB5091223 | 2026-05-12 | High | 8.8 | 0.6% | 1 | - |
Ranked across all products on the Microsoft patch tracker and the CVE and vulnerability management reference. Browse every product: product index.
