Back to CVE List

CVE-2025-71391

Vulnerability Description

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instance and any dependent applications.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-248
Source
NVD
Vendor
surrealdb
Product
surrealdb

External References

Discussion (0)

Add Comment

No comments yet. Be the first!