PatchSiren

CVE-2025-61023 OpenLink CVE debrief

CVE-2025-61023 is a high-severity vulnerability in the st_compare component of openlink virtuoso-opensource v7.2.11 that allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. It has a CVSS score of 7.5 (HIGH). The CVE record was published on 2026-06-23T17:16:39.363Z and last modified on 2026-06-25T19:16:35.080Z. The affected version is openlink virtuoso-opensource v7.2.11; further details about the vendor and product are not available.

Vendor: OpenLink
Product: virtuoso-opensource
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-25
Advisory published: 2026-06-23
Advisory updated: 2026-06-25

Who should care

Security teams and administrators responsible for openlink virtuoso-opensource v7.2.11 should be aware of this vulnerability. The vulnerability has a high CVSS score, indicating a significant risk to affected systems. Organizations using this software should review their inventory and apply necessary patches or mitigations.

Technical summary

The vulnerability is in the st_compare component of openlink virtuoso-opensource v7.2.11. Attackers can trigger a Denial of Service (DoS) by sending crafted SQL statements. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: the attack vector is network, attack complexity is low, no privileges or user interaction are required, and the only impact is a high loss of availability, with no confidentiality or integrity impact. The weakness associated with this vulnerability is CWE-89.

Defensive priority

High priority should be given to patching or mitigating this vulnerability due to its high CVSS score and potential impact on affected systems.

Recommended defensive actions

  • Review inventory to identify affected systems
  • Apply patches or updates provided by the vendor
  • Implement compensating controls to mitigate the vulnerability
  • Monitor systems for suspicious activity
  • Consider isolating affected systems until patched

Evidence notes

The CVE record and NVD detail provide information about this vulnerability. The CVE record was published on 2026-06-23T17:16:39.363Z and last modified on 2026-06-25T19:16:35.080Z. The NVD detail provides additional information about the vulnerability, including its CVSS score and vector.

Official resources

This article is AI-assisted and based on the supplied source corpus.