PatchSiren


CVE-2025-61027 OpenLink CVE debrief

CVE-2025-61027 is a HIGH severity vulnerability in openlink virtuoso-opensource v7.2.11. The issue lies in the t_set_push component, where attackers can cause a Denial of Service (DoS) via crafted SQL statements. The vulnerability has a CVSS score of 7.5 and was published on 2026-06-23T17:16:39.560Z. The CVE record and NVD detail provide further information on this vulnerability.

Vendor: OpenLink
Product: virtuoso-opensource
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-25
Advisory published: 2026-06-23
Advisory updated: 2026-06-25

Who should care

Organizations using openlink virtuoso-opensource v7.2.11 should prioritize patching this vulnerability to prevent potential Denial of Service (DoS) attacks. Security teams and administrators responsible for maintaining openlink virtuoso-opensource installations should take immediate action.

Technical summary

The vulnerability is in the t_set_push component of openlink virtuoso-opensource v7.2.11. Attackers can trigger it by sending crafted SQL statements, leading to a Denial of Service (DoS). The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which reads as: network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and a high impact on availability with no impact on confidentiality or integrity. That combination rates as HIGH severity. The record associates the vulnerability with CWE-89 (SQL injection).

Defensive priority

High priority should be given to patching this vulnerability, as it can lead to a Denial of Service (DoS) attack. Security teams should ensure that openlink virtuoso-opensource v7.2.11 installations are updated to a patched version.

Recommended defensive actions

  • Patch openlink virtuoso-opensource v7.2.11 to the latest version
  • Review and update SQL statements to prevent crafted queries
  • Monitor openlink virtuoso-opensource installations for suspicious activity
  • Implement compensating controls to detect and prevent DoS attacks
  • Verify vendor remediation workflow and exception tracking

Evidence notes

The CVE record and NVD detail provide official information on this vulnerability. The source item URL provides additional context from the NVD database. The reference URL points to an issue on the openlink/virtuoso-opensource GitHub page.

Official resources

This article is AI-assisted and based on the supplied source corpus.