CVE-2025-71393
SurrealDB before 2.2.2 Memory Exhaustion via Nested Functions
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion and exhaust server memory.
| CWE | CWE-674 |
| Vendor | surrealdb |
| Product | surrealdb |
| Published | Jul 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for surrealdb surrealdb
Be the first to know when new unknown vulnerabilities affecting surrealdb surrealdb are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
surrealdb / surrealdb
0 < 2.2.2
surrealdb / surrealdb
0 < 2.1.5
surrealdb / surrealdb
0 < 2.0.5
References
Credits
๐ cure53