CVE Tools
Sign in

CVE-2025-59147

Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets

Published: Oct 1, 2025Updated: Oct 6, 2025 Sources: CVE List NVD BDUCWE-358
NVD MITRE
7.5CVSSHIGH
EPSS Score
0.3%
Top 74.8%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:HA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:HIntegrity
High
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-358

Affected Products

suricataOISF
On-premNetwork Device
Networking Infrastructure / firewall
suricataoisf
On-premNetwork Device
Networking Infrastructure / firewall
РОСА ХРОМАО «НТЦ ИТ РОСА»
On-prem
Operating Systems / linux-distro
SuricataOpen Information Security Foundation
On-prem
Security Products / vuln-mgmt-scanner
Межсетевой экран "Ideco UTM"ООО "Айдеко Софтвер"
On-prem
Networking Infrastructure / firewall
oisfoss-projectNetworking Infrastructureaka suricata, libhtp, suricata-update
ао «нтц ит роса»commercialRUOperating Systems
open information security foundationoss-projectSecurity Productsaka ofis, suricata, libhtp
ооо "айдеко софтвер"commercialRUNetworking Infrastructureaka aidco software, айде́ко софтвер
and 5 more affected products View all →

Exploitability

Official Patch Available

References

https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r
github.com
https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b
github.com
https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e
github.com
and 7 more references View all →

Timeline

Published
Oct 1, 2025
Last Updated
Oct 6, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-59147 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows