CVE-2025-71397
CVE-2025-71397 affects SurrealDB versions before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2. Authenticated users with OWNER/EDITOR permissions can define custom functions via DEFINE FUNCTION and trigger nested FOR loops. Although a single loop’s iterations are bounded, stacking multiple lo...