Description

A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records.

INFO

Published Date :

2025-09-26T12:01:22.738Z

Last Modified :

2025-11-07T19:42:32.972Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-11060 vulnerability.

Vendors Products
Redhat
  • Service Mesh
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11060.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-11060 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2394708 cve-icon cve-icon
https://github.com/surrealdb/surrealdb cve-icon cve-icon cve-icon
https://github.com/surrealdb/surrealdb/commit/d81169a06b89f0c588134ddf2d62eeb8d5e8fd0c cve-icon cve-icon cve-icon
https://github.com/surrealdb/surrealdb/pull/6247 cve-icon cve-icon cve-icon
https://github.com/surrealdb/surrealdb/security/advisories/GHSA-7vm2-j586-vcvc cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-11060 cve-icon
https://surrealdb.com/docs/surrealql/statements/live cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-11060 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact