Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Submitting arbitrary SQL normally requires query-capable credentials, so PR:L rather than PR:N; network-reachable, low-complexity, availability-only crash with no confidentiality or integrity impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
AnalysisAI
Denial of service in OpenLink Virtuoso Open-Source Edition 7.2.11 lets attackers crash the database server by submitting crafted SQL statements that mishandle the sqlo_key_part_best query-optimizer routine. The flaw carries no confidentiality or integrity impact (availability-only, CVSS 7.5) and there is no public exploit identified at time of analysis; EPSS is low at 0.15% (4th percentile), and it is not listed in CISA KEV. The only public reference is the upstream GitHub issue (#1222) tracking the crash.
Technical ContextAI
Virtuoso is a multi-model database and RDF triplestore (the engine behind large linked-data deployments such as DBpedia) that exposes SQL and, in many installations, SPARQL-over-SQL endpoints. The affected component, sqlo_key_part_best, is part of the SQL cost-based query optimizer responsible for choosing the best index key part during query planning. Although the record is tagged CWE-89 (SQL Injection), the observed and scored effect is purely a crash/Denial of Service (A:H, with C:N/I:N) rather than data exfiltration or injection of unauthorized queries - the CWE class here points to malformed/crafted SQL reaching a code path the optimizer fails to handle safely, leading to abnormal termination. The CPE entry is a placeholder (cpe:2.3:a:n/a:n/a:*) and provides no usable product/version match, so version scoping relies on the textual reference to v7.2.11.
RemediationAI
No vendor-released patch version is identified at time of analysis; the only upstream artifact is GitHub issue https://github.com/openlink/virtuoso-opensource/issues/1222, so monitor that issue and the openlink/virtuoso-opensource releases for a fixed tag and upgrade as soon as one is published past 7.2.11. As compensating controls until a fix exists: require authentication for all SQL access and disable or firewall any anonymous public SPARQL/SQL endpoint (Virtuoso's /sparql and SQL listener) so untrusted clients cannot submit arbitrary queries - trade-off is loss of public linked-data query access; restrict the database listener to trusted networks via host firewall or bind-address; and apply rate limiting / connection quotas and process supervision (auto-restart, e.g. systemd Restart=on-failure) to limit and recover from crash-based DoS, accepting that this mitigates impact rather than preventing the crash.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-89 – SQL Injection
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210314
GHSA-ph87-jqrm-qmr3