Local File Read Vulnerability in SurrealDB by SurrealDB
CVE-2025-71394
2.3LOW
What is CVE-2025-71394?
SurrealDB versions prior to 2.2.2 are susceptible to a local file read vulnerability within the DEFINE ANALYZER statement. This issue permits authenticated users, particularly those with root, namespace, or database-level privileges, to manipulate analyzer configurations to access arbitrary file paths on the server. Consequently, malicious actors can extract sensitive information from files formatted as two-column tab-separated values, potentially leading to data exposure.
Affected Version(s)
surrealdb 0 < 2.2.2
surrealdb 0 < 2.1.5
surrealdb 2.2.2
