Are this percent symbols placeholder? If no and you do no more query preparation, then you should escape them with an extra percent symbol like the documentation says:
Literals (%) as parts of the query must be properly written as %%.
The last security update in WP 4.8.3 was a changed behaviour of esc_sql(). If you using it, here is a solution:
https://make.wordpress.org/core/2017/10/31/changed-behaviour-of-esc_sql-in-wordpress-4-8-3/