CVE-2025-71391

CVE-2025-71391CVE-2025-71391

Description

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instance and any dependent applications.

Scoring

Last modified2026-07-18
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.