DNS Bypass Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2025-71390

5.8MEDIUM

Key Information:

Vendor

Surrealdb

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2025-71390?

SurrealDB versions prior to 2.2.6, 2.3.6, and 2.1.8 allow authenticated users to bypass network access controls by exploiting insufficient validation of DNS-resolved hostnames. This vulnerability permits unauthorized HTTP requests to internal endpoints that should be restricted, potentially leading to the exposure or alteration of sensitive information and credentials.

Affected Version(s)

surrealdb 0 < 2.3.6, 2.2.6

surrealdb 2.3.6, 2.2.6

References

CVSS V4

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

manelmontilla
.