Memory Exhaustion Vulnerability in SurrealDB with Scripting Enabled
CVE-2025-71393
6MEDIUM
What is CVE-2025-71393?
SurrealDB versions prior to 2.2.2, when utilizing scripting capabilities, do not adequately impose recursion limits in scenarios where native functions embed JavaScript that triggers additional queries. This allows authenticated attackers to exploit the system by chaining native and JavaScript function calls, leading to infinite recursion and ultimately exhausting the server's memory resources. The vulnerability presents significant risks for server stability and can potentially disrupt services for legitimate users.
Affected Version(s)
surrealdb 0 < 2.2.2
surrealdb 0 < 2.1.5
surrealdb 0 < 2.0.5
