PT-2026-60955 · Surrealdb · Surrealdb

·

CVE-2025-71394

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v4.0

2.3

Low

VectorAV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions SurrealDB versions prior to 2.2.2
Description Authenticated users with root, namespace, or database level privileges can read arbitrary files on the file system. This occurs through the DEFINE ANALYZER statement, where attackers can point analyzers to arbitrary file paths to exfiltrate content from two-column tab-separated files.
Recommendations Update SurrealDB to version 2.2.2 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-71394

Affected Products

Surrealdb