This month's Patch Tuesday fixes one publicly disclosed zero-day in Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available. The publicly disclosed zero-day is: CVE-2025-49719 - Microsoft SQL Server Information Disclosure Vulnerability. Microsoft fixes a flaw in Microsoft SQL Server that could allow a remote, unauthenticated attacker to access data from uninitialized memory.