PatchSiren

CVE-2025-61022 openlink CVE debrief

CVE-2025-61022 is a HIGH severity vulnerability (CVSS score 7.5) in openlink virtuoso-opensource v7.2.11. It is located in the sqlo_tb_col_preds component and allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The CVE was published on 2026-06-23T17:16:39.267Z and last modified on 2026-06-23T18:17:40.150Z. Evidence is limited; further review is needed to determine the full scope of the vulnerability.

Vendor: openlink
Product: virtuoso-opensource
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-23
Advisory published: 2026-06-23
Advisory updated: 2026-06-23

Who should care

Defenders of openlink virtuoso-opensource v7.2.11 installations should be aware of this HIGH severity (CVSS 7.5) Denial of Service (DoS) vulnerability, which attackers can exploit using crafted SQL statements. The score indicates a significant risk.

Technical summary

CVE-2025-61022 is located in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 and allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which gives a HIGH severity score of 7.5: the attack is network-reachable, low in complexity, requires no privileges or user interaction, and affects availability only. The weakness associated with this vulnerability is CWE-89.

Defensive priority

Defenders should prioritize patching or mitigating this HIGH severity vulnerability, which can be exploited with crafted SQL statements to cause a Denial of Service (DoS).

Recommended defensive actions

  • Review and apply patches or updates for openlink virtuoso-opensource v7.2.11.
  • Implement compensating controls to detect and prevent crafted SQL statements.
  • Monitor installations of openlink virtuoso-opensource v7.2.11 for suspicious activity.
  • Perform inventory checks to identify and update vulnerable installations.
  • Consider implementing additional security measures to protect against Denial of Service (DoS) attacks.

Evidence notes

Evidence for this vulnerability comes from the NVD and CVE.org. The CVE was published on 2026-06-23T17:16:39.267Z and last modified on 2026-06-23T18:17:40.150Z. The vulnerability has a CVSS score of 7.5 and is classified as CWE-89. Further review is needed to determine the full scope of the vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.