CVE-2025-59147

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

01/10/2025

Last modified:

06/10/2025

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): High
Availability (A): None

Base Score 3.x

7.50

Severity 3.x

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:oisf:suricata::::::::		7.0.12 (excluding)
cpe:2.3:a:oisf:suricata:8.0.0:-::::::
cpe:2.3:a:oisf:suricata:8.0.0:beta1::::::
cpe:2.3:a:oisf:suricata:8.0.0:rc1::::::

To consult the complete list of CPE names with products and versions, see this page

CVE-2025-59147

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools