
CVE-2025-11060
Good to know:


Date: September 26, 2025
A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records.
Weakness Type (CWE)
Incorrect Authorization
CWE-863

Top Fix

Upgrade Version
Upgrade to version surrealdb - 2.1.9; surrealdb - 2.2.8; surrealdb - 2.3.8; https://github.com/surrealdb/surrealdb.git - v2.1.9; https://github.com/surrealdb/surrealdb.git - v2.2.8; https://github.com/surrealdb/surrealdb.git - v2.3.8
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |