SQL SERVER 2025 CU5 (Cumulative Update 5) Is OUT! A Hot Take on the New Features for DBAs
Before we dive into today's topic, if you missed my previous post you can take a look at Check SQL Server Plan Cache Pollution (III) in 45 Seconds, The "45 Seconds DBA Series" | Part 24. 👉 If you found this deep-dive helpful, feel free to check out the ads—your support helps me keep creating high-quality SQL Server content for the community.
SQL SERVER 2025 CU5 (Cumulative Update 5) Is OUT! A Hot Take on the New Features for DBAs
This CU is not just maintenance — it directly impacts performance stability and production reliability.
In this post, I’ll show you what really matters inside SQL Server 2025 CU5, why some fixes are potentially production-saving, and what every DBA should immediately validate after patching.
⚡ We will also see practical T-SQL examples you can run immediately in your own environment.
🧠 TL;DR BOX
✔️ SQL Server 2025 CU5 fixes CPU starvation issues in In-Memory OLTP hash index garbage collection 🛠️
✔️ New Full-Text Search improvements introduce FulltextIndexVersion2 support 🚀
✔️ Critical security vulnerabilities fixed including XXE and SQL Injection issues 💣
✔️ Linux replication environments now support change feed configuration through mssql.conf ⚙️
Hi SQL SERVER Guys and Gals,
We all know the truth:
A single CU can silently fix the exact bottleneck destroying your production server.
SQL Server 2025 CU5 is one of those updates that DBAs should NOT ignore. But here at sqlserverperformace, we don't take things at face value. Starting tomorrow, we will run our usual rigorous tests and benchmarks.
Why?
- 💣 Performance fixes
- 💣 Security vulnerabilities
- 💣 In-Memory OLTP scheduling improvements
- 💣 Full-Text Search correctness fixes
- 💣 Replication enhancements for Linux deployments
🧠 What REALLY Matters in CU5
💣 In-Memory OLTP CPU Starvation Fix
One of the most important fixes in CU5 is related to hash index garbage collection inside In-Memory OLTP.
Microsoft added additional scheduler yields during garbage collection scans.
Translation for DBAs?
Under heavy workloads, some schedulers could become monopolized by aggressive garbage collection activity, causing CPU starvation symptoms.
🔍 DIAGNOSIS
Symptoms often include:
- ⚡ SOS_SCHEDULER_YIELD waits exploding
- ⚡ High CPU with poor throughput
- ⚡ Uneven scheduler utilization
- ⚡ Latency spikes under memory-optimized workloads
🧪 QUERY
-- 🔍 CPU Diagnostic Query
-- Check scheduler pressure
SELECT
scheduler_id,
cpu_id,
current_tasks_count,
runnable_tasks_count,
active_workers_count,
load_factor
FROM sys.dm_os_schedulers
WHERE status = 'VISIBLE ONLINE'
ORDER BY runnable_tasks_count DESC;
🚀 FIX
If you heavily use memory-optimized tables with HASH indexes:
- ✔️ Patch immediately
- ✔️ Validate wait stats before/after CU5
- ✔️ Benchmark throughput changes
- ✔️ Monitor runnable_tasks_count carefully
⚡ Full-Text Search Improvements
CU5 introduces support for:
fulltext_index_version = 2
This is VERY interesting.
Microsoft is clearly continuing the Full-Text Search modernization work already started in previous CUs.
🧪 QUERY
-- 🔍 Enable FulltextIndexVersion2
ALTER DATABASE SCOPED CONFIGURATION
SET FULLTEXT_INDEX_VERSION = 2;
CU5 also fixes incorrect indexing behavior involving .docx documents containing hyperlinks at paragraph boundaries.
Sounds niche?
Not if your enterprise search engine depends on legal documents, contracts, or SharePoint-style archives.
💣 Security Fixes You Should NOT Ignore
💣 XXE Vulnerability Fix in SSIS
SQL Server 2025 CU5 blocks the file:// protocol in WSDL endpoints inside the Web Service Task.
This prevents:
- Unauthorized file access
- Potential denial-of-service attacks
- XML External Entity abuse
⚡ If you run SSIS packages interacting with external SOAP services:
This patch is mandatory.
💣 SQL Injection Fix in Spatial Stored Procedures
CU5 fixes SQL injection vulnerabilities involving:
- sp_help_spatial_geography_index
- sp_help_spatial_geometry_index
Even internal system procedures can become attack surfaces.
Real DBAs understand this:
Security IS performance.
A compromised SQL Server quickly becomes an unusable SQL Server.
⚡ SESSION_CONTEXT Known Issue Still Matters
Microsoft explicitly warns about incorrect behavior involving SESSION_CONTEXT under parallel plans.
This issue may:
- 💣 Return incorrect results
- 💣 Trigger AV dumps
- 💣 Appear when sessions are reused
🧪 QUERY
-- 🔍 SESSION_CONTEXT test
EXEC sp_set_session_context
@key = N'ApplicationUser',
@value = N'Luca';
SELECT SESSION_CONTEXT(N'ApplicationUser');
⚡ Pay attention if:
- Connection pooling is enabled
- Parallelism is aggressive
- You use SESSION_CONTEXT for row-level filtering
🧠 Linux Replication Improvement
CU5 adds support for configuring change feed parameters through:
mssql.conf
This is another signal that Microsoft continues pushing Linux-based SQL Server deployments seriously.
📊 TAKEAWAY
- ⚡ CU5 is NOT a cosmetic update
- ⚡ In-Memory OLTP environments should strongly consider patching
- ⚡ Full-Text Search continues evolving rapidly in SQL Server 2025
- ⚡ Security fixes alone justify validation and rollout planning
- ⚡ SESSION_CONTEXT parallelism issues still deserve attention
🚀 My REAL Strategy
In real enterprise environments, I NEVER deploy a CU blindly.
My approach is always:
- ✔️ Capture baseline waits
- ✔️ Capture CPU utilization
- ✔️ Benchmark critical stored procedures
- ✔️ Compare execution plans before and after
- ✔️ Validate Query Store regressions
⚡ CU5 specifically deserves benchmarking around:
- In-Memory OLTP throughput
- Full-Text Search correctness
- SESSION_CONTEXT workloads
- Parallel query stability
And yes...
We will analyze EVERY important CU5 fix in detail very soon with benchmarks and stress tests as usual on this blog.
📚 Official Sources
- Microsoft KB5084896 - SQL Server 2025 CU5
- Microsoft Learn - SQL Server Documentation
- sys.dm_os_schedulers Documentation
- SESSION_CONTEXT Documentation
Performance Tuning Knowledge Hub
Everything you need to master SQL Server, all in one place.
Comments
Post a Comment