CVE-2025-71398 PUBLISHED

SurrealDB before 2.2.2 SSRF via HTTP Redirect Bypass

Assigner: VulnCheck
Reserved: 18.07.2026 Published: 18.07.2026 Updated: 18.07.2026

SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net restrictions by redirecting to blocked IP addresses. Attackers can host a public server that redirects to denied network targets, enabling server-side request forgery to access internal endpoints and retrieve sensitive information.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H
CVSS Score: 5.8

Product Status

Vendor surrealdb
Product surrealdb
Versions Default: unaffected
  • affected from 0 to 2.2.2 (excl.)
  • Version 2.2.2 is unaffected
Vendor surrealdb
Product surrealdb
Versions Default: unaffected
  • affected from 0 to 2.1.5 (excl.)
  • Version 2.1.5 is unaffected
Vendor surrealdb
Product surrealdb
Versions Default: unaffected
  • affected from 0 to 2.0.5 (excl.)
  • Version 2.0.5 is unaffected

Credits

  • cure53 reporter

References

Problem Types

  • Server-Side Request Forgery (SSRF) CWE