CNNVD-202509-4102 Information
CNNVD ID
CNNVD-202509-4102
Related CVE
- CNNVD Published: 2025-09-26
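Description (translated from Chinese)
surrealdb is an open-source document-graph database from SurrealDB. surrealdb contains a security vulnerability that stems from a flaw in the database engine's live query subscription mechanism, which may allow record or guest users to bypass access controls through a specially crafted LIVE SELECT subscription and observe unauthorized records in the same table.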
Description (English)
SurrealDB is an open-source document-graph database from SurrealDB. SurrealDB contains a security vulnerability that stems from a flaw in the live query subscription mechanism of the database engine. Record or guest users may be able to bypass access controls through a specially crafted LIVE SELECT subscription and observe unauthorized records in the same table.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
SurrealDB
Published
2025-09-26
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2025-11060
https://bugzilla.redhat.com/show_bug.cgi?id=2394708
https://github.com/surrealdb/surrealdb
https://github.com/surrealdb/surrealdb/commit/d81169a06b89f0c588134ddf2d62eeb8d5e8fd0c
https://github.com/surrealdb/surrealdb/pull/6247
https://github.com/surrealdb/surrealdb/security/advisories/GHSA-7vm2-j586-vcvc
https://surrealdb.com/docs/surrealql/statements/live
Patch
https://github.com/surrealdb/surrealdb/releases