VYPR
Unrated severity · NVD Advisory · Published Jun 23, 2026 · Updated Jun 23, 2026

CVE-2025-61024

Description

An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products: 1

Patches

Vulnerability mechanics

Root cause

"Unhandled error or invalid memory access in `sqlo_try_in_loop` when compiling a crafted SQL statement with nested subqueries and division-by-zero constants."

Attack vector

An attacker who can connect to the Virtuoso database server (e.g., via isql on port 1111) and execute arbitrary SQL can trigger a crash by sending the crafted UPDATE statement shown in the PoC [ref_id=1]. The payload exploits a malformed SQL query that combines a view definition with a nested subquery containing a division-by-zero constant (`127 / 0`) and a complex CASE expression in the UPDATE's WHERE clause. No authentication beyond the default DBA credentials is required if the server is exposed, and the crash leads to a denial of service.

Affected code

The crash occurs in `sqlo_try_in_loop` (backtrace frame #0) within the Virtuoso 7.2.11 SQL query compiler. The call chain `sqlc_update_view` → `sqlc_update_searched` → `sqlo_query_spec` → `sqlo_top_2` → `sqlo_layout` → `sqlo_layout_1` → `sqlo_try` → `sqlo_try_in_loop` shows that the fault is triggered during compilation of a crafted UPDATE statement on a view that contains complex nested subqueries, CASE expressions, and division-by-zero constants.

What the fix does

The advisory does not include a patch or fix commit. The issue report [ref_id=1] only documents the crash and provides a reproducible test case. Until a fix is published, the recommended mitigation is to restrict network access to the Virtuoso server and avoid executing untrusted SQL statements.

Preconditions

  • Network: the attacker must be able to connect to the Virtuoso database server (e.g., via isql on port 1111).
  • Auth: the attacker must be able to execute arbitrary SQL statements (default DBA credentials may be used).
  • Input: the crafted SQL must be accepted by the server's SQL compiler.

Reproduction

1. Write the PoC SQL (the UPDATE statement from the issue) to `/tmp/test.sql`.
2. Remove any existing container: `docker container rm virtdb_test -f`
3. Start the Virtuoso container: `docker run --name virtdb_test -itd --env DBA_PASSWORD=dba pkleef/virtuoso-opensource-7`
4. Wait 10 seconds for the server to start.
5. Verify connectivity: `echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba`
6. Run the PoC: `cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba`
7. Observe the crash in the backtrace.

Generated on Jun 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 1
