CVE-2025-71394
Received Received - Intake

SurrealDB Local File Read via DEFINE ANALYZER

Vulnerability report for CVE-2025-71394, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulnCheck

Description

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and exfiltrate content from two-column tab-separated files.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
surrealdb surrealdb to 2.2.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

SurrealDB versions before 2.2.2 have a local file read vulnerability in the DEFINE ANALYZER statement. Authenticated users with root, namespace, or database privileges can read arbitrary files by pointing analyzers to specific paths. This allows exfiltration of content from two-column tab-separated files.

Detection Guidance

To detect this vulnerability, check SurrealDB versions before 2.2.2. Run: surrealdb version. If the version is below 2.2.2, the system is vulnerable. Additionally, monitor for unusual DEFINE ANALYZER statements pointing to arbitrary file paths.

Impact Analysis

This vulnerability allows attackers with existing access to read sensitive files on the system. However, the impact is limited because it requires prior authentication and privileges. The CVSS score of 2.3 indicates low severity due to restricted scope.

Compliance Impact

This vulnerability allows unauthorized access to arbitrary files on the file system, which could include sensitive data such as personal or health information. This could lead to violations of GDPR (if personal data is exposed) or HIPAA (if protected health information is compromised), depending on the data accessed.

Mitigation Strategies

Upgrade SurrealDB to version 2.2.2 or later. If upgrading is not possible, set the SURREAL_FILE_ALLOWLIST environment variable to restrict file access to predefined allowed paths. Limit access to root, namespace, or database-level privileges to trusted parties only.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71394. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart