Denial of Service Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2025-71396
2.3LOW
What is CVE-2025-71396?
SurrealDB versions prior to 2.0.5, 2.1.5, and 2.2.2 lack a default execution-time limit for embedded JavaScript functions when scripting is enabled. This allows authenticated attackers to submit resource-intensive scripts, leading to server resource depletion and potential denial of service. By exploiting this flaw, an attacker can disrupt normal server operations, impacting availability and performance.
Affected Version(s)
surrealdb 0 < 2.2.2
surrealdb 0 < 2.0.5
surrealdb 0 < 2.1.5
