CVE-2025-59147
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-59147, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-01

Last updated on: 2025-10-06

Assigner: GitHub, Inc.

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-01
Last Modified
2025-10-06
Generated
2026-07-06
AI Q&A
2025-10-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
oisf suricata to 7.0.12 (exc)
oisf suricata 8.0.0
oisf suricata 8.0.0
oisf suricata 8.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-358 The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Suricata versions 7.0.11 and below, as well as 8.0.0. It allows an attacker to bypass detection by sending multiple SYN packets with different sequence numbers within the same flow tuple. This causes Suricata to fail to recognize the TCP session properly. In IDS mode, this leads to detection and logging bypass, while in IPS mode, the flow gets blocked. The issue is fixed in versions 7.0.12 and 8.0.1.

Impact Analysis

If you use Suricata in IDS mode, this vulnerability can allow attackers to bypass detection and logging, potentially letting malicious traffic go unnoticed. In IPS mode, it can cause legitimate flows to be blocked incorrectly. This can impact network security monitoring and intrusion prevention effectiveness.

Mitigation Strategies

Upgrade Suricata to version 7.0.12 or 8.0.1 or later, as these versions contain the fix for this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59147. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart