CVE-2025-71396
CVE-2025-71396 affects SurrealDB versions where the embedded JavaScript scripting feature is enabled (via --allow-scripting or --allow-all). The root cause is failure to enforce a default execution-time limit on scripting functions, enabling authenticated attackers to submit long-running JavaScri...