Denial of Service Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2025-71391
7.1HIGH
What is CVE-2025-71391?
The SurrealDB software, prior to version 2.2.2, contains a vulnerability in its net module that exposes the database to integrity risks. Authenticated users can exploit this vulnerability by sending specially crafted HTTP queries with null bytes to the /sql endpoint. This action triggers an unhandled exception, leading to a crash of the SurrealDB instance and potentially affecting any applications dependent on it. This flaw necessitates immediate attention from users to safeguard against potential disruptions.
Affected Version(s)
surrealdb 0 < 2.2.2
surrealdb 0 < 2.1.5
surrealdb 0 < 2.0.5
