CVE-2025-61028 OpenLink CVE debrief

Who should care

Defenders of openlink virtuoso-opensource v7.2.11 installations should be aware of this vulnerability. Users of this software should review their inventory and assess the risk of exploitation. Administrators should prioritize patching or mitigating this vulnerability to prevent potential Denial of Service (DoS) attacks.

Technical summary

The vulnerability CVE-2025-61028 affects openlink virtuoso-opensource v7.2.11. It is caused by an issue in the time_t_to_dt component. Attackers can exploit this vulnerability by sending crafted SQL statements, which can lead to a Denial of Service (DoS). The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The attack vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Defensive priority

High priority should be given to patching or mitigating this vulnerability. Defenders should review their inventory of openlink virtuoso-opensource v7.2.11 installations and apply patches or compensating controls as soon as possible.

Recommended defensive actions

• Review inventory of openlink virtuoso-opensource v7.2.11 installations
• Assess risk of exploitation
• Apply patches or compensating controls
• Monitor for potential Denial of Service (DoS) attacks
• Consider implementing additional security measures to protect against SQL-based attacks

Evidence notes

The evidence for this vulnerability comes from the official vulnerability database (NVD). The CVE record was published on 2026-06-23T17:16:39.657Z and last modified on 2026-06-25T15:16:33.993Z. Additional information can be found in the source item URL.

Official resources