Denial of Service Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2025-71391

7.1HIGH

Key Information:

Vendor

Surrealdb

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2025-71391?

The SurrealDB software, prior to version 2.2.2, contains a vulnerability in its net module that exposes the database to integrity risks. Authenticated users can exploit this vulnerability by sending specially crafted HTTP queries with null bytes to the /sql endpoint. This action triggers an unhandled exception, leading to a crash of the SurrealDB instance and potentially affecting any applications dependent on it. This flaw necessitates immediate attention from users to safeguard against potential disruptions.

Affected Version(s)

surrealdb 0 < 2.2.2

surrealdb 0 < 2.1.5

surrealdb 0 < 2.0.5

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

castilho101
.