DNS Bypass Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2025-71390
5.8MEDIUM
What is CVE-2025-71390?
SurrealDB versions prior to 2.2.6, 2.3.6, and 2.1.8 allow authenticated users to bypass network access controls by exploiting insufficient validation of DNS-resolved hostnames. This vulnerability permits unauthorized HTTP requests to internal endpoints that should be restricted, potentially leading to the exposure or alteration of sensitive information and credentials.
Affected Version(s)
surrealdb 0 < 2.3.6, 2.2.6
surrealdb 2.3.6, 2.2.6
