CVE-2025-71395
Description
SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations, causing denial of service.
Is your site exposed to CVE-2025-71395?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-71395? +
How do I check if I'm vulnerable to CVE-2025-71395? +
Related Vulnerabilities
Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. …
Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decode_unknown_field function in buffa's …
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler …
Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service …
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp …
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry …