2400894 – (CVE-2025-59147) CVE-2025-59147 suricata-ids: Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets

Bug 2400894 (CVE-2025-59147) - CVE-2025-59147 suricata-ids: Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets

Summary: CVE-2025-59147 suricata-ids: Suricata is Vulnerable to Detection Bypass via C...

Keywords:
Status:	NEW
Alias:	CVE-2025-59147
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2400925 2400926 2400927 2400928
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-01 20:03 UTC by OSIDB Bzimport
Modified:	2025-10-01 20:59 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-01 20:03:41 UTC

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.

Note You need to log in before you can comment on or make changes to this bug.