7.5

CVE-2025-59147

Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OisfSuricata Version < 7.0.12
OisfSuricata Version8.0.0 Update-
OisfSuricata Version8.0.0 Updatebeta1
OisfSuricata Version8.0.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.263
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018
Release Notes
https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b
Patch
https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r
Third Party Advisory
Issue Tracking