cvelistv5 - CVE-2025-59147

CVE-2025-59147 (GCVE-0-2025-59147)

Vulnerability from cvelistv5 – Published: 2025-10-01 19:27 – Updated: 2025-10-01 19:42

Summary

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-358 - Improperly Implemented Security Check for Standard

Assigner

GitHub_M

References

URL

Tags

	https://github.com/OISF/suricata/security/advisor…	x_refsource_CONFIRM
	https://github.com/OISF/suricata/commit/be6315dba…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/e91b03c90…	x_refsource_MISC
	https://forum.suricata.io/t/suricata-8-0-1-and-7-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OISF	suricata	Affected: < 7.0.12 Affected: >= 8.0.0, < 8.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59147",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:42:12.196265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:42:24.032Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "suricata",
          "vendor": "OISF",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c  7.0.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358: Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T19:27:55.639Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e"
        },
        {
          "name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"
        }
      ],
      "source": {
        "advisory": "GHSA-v8hv-6v7x-4c2r",
        "discovery": "UNKNOWN"
      },
      "title": "Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59147",
    "datePublished": "2025-10-01T19:27:55.639Z",
    "dateReserved": "2025-09-09T15:23:16.326Z",
    "dateUpdated": "2025-10-01T19:42:24.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59147\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-01T20:18:38.267\",\"lastModified\":\"2025-10-06T16:59:06.083\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-358\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"CD9C7EA7-5925-4C2B-815B-13F87DDB3F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oisf:suricata:8.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"016370F6-3404-4F20-ABED-C0D23AC7D1D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oisf:suricata:8.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C51F6B1-2B23-4C24-9B69-DA71597628C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oisf:suricata:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"722B8967-EC47-43AF-AB71-4F7487780CED\"}]}]}],\"references\":[{\"url\":\"https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\",\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59147\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T19:42:12.196265Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T19:42:18.785Z\"}}], \"cna\": {\"title\": \"Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets\", \"source\": {\"advisory\": \"GHSA-v8hv-6v7x-4c2r\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OISF\", \"product\": \"suricata\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c  7.0.12\"}, {\"status\": \"affected\", \"version\": \"\u003e= 8.0.0, \u003c 8.0.1\"}]}], \"references\": [{\"url\": \"https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r\", \"name\": \"https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b\", \"name\": \"https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e\", \"name\": \"https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018\", \"name\": \"https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-358\", \"description\": \"CWE-358: Improperly Implemented Security Check for Standard\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-01T19:27:55.639Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59147\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-01T19:42:24.032Z\", \"dateReserved\": \"2025-09-09T15:23:16.326Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-01T19:27:55.639Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0796

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Suricata. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Suricata	Suricata	Suricata versions antérieures à 7.0.12
	Suricata	Suricata	Suricata versions 8.x antérieures à 8.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Suricata suricata-8-0-1-and-7-0-12-released

2025-09-16

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Suricata versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "Suricata",
        "vendor": {
          "name": "Suricata",
          "scada": false
        }
      }
    },
    {
      "description": "Suricata versions 8.x ant\u00e9rieures \u00e0 8.0.1",
      "product": {
        "name": "Suricata",
        "vendor": {
          "name": "Suricata",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-59149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59149"
    },
    {
      "name": "CVE-2025-59150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59150"
    },
    {
      "name": "CVE-2025-59147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59147"
    },
    {
      "name": "CVE-2025-59148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59148"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0796",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Suricata. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Suricata",
  "vendor_advisories": [
    {
      "published_at": "2025-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Suricata suricata-8-0-1-and-7-0-12-released",
      "url": "https://suricata.io/2025/09/16/suricata-8-0-1-and-7-0-12-released/"
    }
  ]
}

CERTFR-2025-AVI-0796

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Suricata. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Suricata	Suricata	Suricata versions antérieures à 7.0.12
	Suricata	Suricata	Suricata versions 8.x antérieures à 8.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Suricata suricata-8-0-1-and-7-0-12-released

2025-09-16

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Suricata versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "Suricata",
        "vendor": {
          "name": "Suricata",
          "scada": false
        }
      }
    },
    {
      "description": "Suricata versions 8.x ant\u00e9rieures \u00e0 8.0.1",
      "product": {
        "name": "Suricata",
        "vendor": {
          "name": "Suricata",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-59149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59149"
    },
    {
      "name": "CVE-2025-59150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59150"
    },
    {
      "name": "CVE-2025-59147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59147"
    },
    {
      "name": "CVE-2025-59148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59148"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0796",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Suricata. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Suricata",
  "vendor_advisories": [
    {
      "published_at": "2025-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Suricata suricata-8-0-1-and-7-0-12-released",
      "url": "https://suricata.io/2025/09/16/suricata-8-0-1-and-7-0-12-released/"
    }
  ]
}

OPENSUSE-SU-2025:15592-1

Vulnerability from csaf_opensuse - Published: 2025-10-01 00:00 - Updated: 2025-10-01 00:00

Summary

libsuricata8_0_1-8.0.1-1.1 on GA media

Notes

Title of the patch

libsuricata8_0_1-8.0.1-1.1 on GA media

Description of the patch

These are all security issues fixed in the libsuricata8_0_1-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15592

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libsuricata8_0_1-8.0.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libsuricata8_0_1-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15592",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15592-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59147 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59147/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59148 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59148/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59149 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59149/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59150 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59150/"
      }
    ],
    "title": "libsuricata8_0_1-8.0.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-10-01T00:00:00Z",
      "generator": {
        "date": "2025-10-01T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15592-1",
      "initial_release_date": "2025-10-01T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-10-01T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_1-8.0.1-1.1.aarch64",
                "product": {
                  "name": "libsuricata8_0_1-8.0.1-1.1.aarch64",
                  "product_id": "libsuricata8_0_1-8.0.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.1-1.1.aarch64",
                "product": {
                  "name": "suricata-8.0.1-1.1.aarch64",
                  "product_id": "suricata-8.0.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.1-1.1.aarch64",
                "product": {
                  "name": "suricata-devel-8.0.1-1.1.aarch64",
                  "product_id": "suricata-devel-8.0.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_1-8.0.1-1.1.ppc64le",
                "product": {
                  "name": "libsuricata8_0_1-8.0.1-1.1.ppc64le",
                  "product_id": "libsuricata8_0_1-8.0.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.1-1.1.ppc64le",
                "product": {
                  "name": "suricata-8.0.1-1.1.ppc64le",
                  "product_id": "suricata-8.0.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.1-1.1.ppc64le",
                "product": {
                  "name": "suricata-devel-8.0.1-1.1.ppc64le",
                  "product_id": "suricata-devel-8.0.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_1-8.0.1-1.1.s390x",
                "product": {
                  "name": "libsuricata8_0_1-8.0.1-1.1.s390x",
                  "product_id": "libsuricata8_0_1-8.0.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.1-1.1.s390x",
                "product": {
                  "name": "suricata-8.0.1-1.1.s390x",
                  "product_id": "suricata-8.0.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.1-1.1.s390x",
                "product": {
                  "name": "suricata-devel-8.0.1-1.1.s390x",
                  "product_id": "suricata-devel-8.0.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_1-8.0.1-1.1.x86_64",
                "product": {
                  "name": "libsuricata8_0_1-8.0.1-1.1.x86_64",
                  "product_id": "libsuricata8_0_1-8.0.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.1-1.1.x86_64",
                "product": {
                  "name": "suricata-8.0.1-1.1.x86_64",
                  "product_id": "suricata-8.0.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.1-1.1.x86_64",
                "product": {
                  "name": "suricata-devel-8.0.1-1.1.x86_64",
                  "product_id": "suricata-devel-8.0.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_1-8.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64"
        },
        "product_reference": "libsuricata8_0_1-8.0.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_1-8.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le"
        },
        "product_reference": "libsuricata8_0_1-8.0.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_1-8.0.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x"
        },
        "product_reference": "libsuricata8_0_1-8.0.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_1-8.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64"
        },
        "product_reference": "libsuricata8_0_1-8.0.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64"
        },
        "product_reference": "suricata-8.0.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le"
        },
        "product_reference": "suricata-8.0.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x"
        },
        "product_reference": "suricata-8.0.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64"
        },
        "product_reference": "suricata-8.0.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64"
        },
        "product_reference": "suricata-devel-8.0.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le"
        },
        "product_reference": "suricata-devel-8.0.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x"
        },
        "product_reference": "suricata-devel-8.0.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
        },
        "product_reference": "suricata-devel-8.0.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59147",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59147"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59147",
          "url": "https://www.suse.com/security/cve/CVE-2025-59147"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-01T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59147"
    },
    {
      "cve": "CVE-2025-59148",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59148"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a \"sticky\" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59148",
          "url": "https://www.suse.com/security/cve/CVE-2025-59148"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-01T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59148"
    },
    {
      "cve": "CVE-2025-59149",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59149"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attribute_type and transforms.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59149",
          "url": "https://www.suse.com/security/cve/CVE-2025-59149"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-01T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-59149"
    },
    {
      "cve": "CVE-2025-59150",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59150"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0\u0027s usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59150",
          "url": "https://www.suse.com/security/cve/CVE-2025-59150"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_1-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.1-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-01T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59150"
    }
  ]
}

FKIE_CVE-2025-59147

Vulnerability from fkie_nvd - Published: 2025-10-01 20:18 - Updated: 2025-10-06 16:59

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018	Release Notes
security-advisories@github.com	https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e	Patch
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r	Third Party Advisory, Issue Tracking

Impacted products

Vendor	Product	Version
oisf	suricata	*
oisf	suricata	8.0.0
oisf	suricata	8.0.0
oisf	suricata	8.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9C7EA7-5925-4C2B-815B-13F87DDB3F9C",
              "versionEndExcluding": "7.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oisf:suricata:8.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "016370F6-3404-4F20-ABED-C0D23AC7D1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oisf:suricata:8.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "2C51F6B1-2B23-4C24-9B69-DA71597628C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oisf:suricata:8.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "722B8967-EC47-43AF-AB71-4F7487780CED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1."
    }
  ],
  "id": "CVE-2025-59147",
  "lastModified": "2025-10-06T16:59:06.083",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-01T20:18:38.267",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Issue Tracking"
      ],
      "url": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-358"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59147 (GCVE-0-2025-59147)

CERTFR-2025-AVI-0796

Solutions

CERTFR-2025-AVI-0796

Solutions

OPENSUSE-SU-2025:15592-1

FKIE_CVE-2025-59147

Tags

Sightings

Nomenclature