Suricata < 7.0.12 / 8.0.0 < 8.0.1 Detection Bypass

high Nessus Plugin ID 269721

Synopsis

An IDS/IPS solution running on the remote host is affected by a detection bypass vulnerability.

Description

The version of OISF Suricata installed on the remote host is prior to 7.0.12, or is 8.0.x prior to 8.0.1. It is, therefore, affected by the following vulnerability:

- Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1. (CVE-2025-59147)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
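A version check does not show whether a sensor has already seen the traffic pattern described above. As an added example (not part of the plugin or of Suricata), the Python below scans TCP header records taken from a capture for SYN-only packets that reuse a flow tuple with differing sequence numbers. The record layout, the sample data and the 5-second window are assumptions made for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10   # TCP flag bits
WINDOW = 5.0            # seconds; assumed triage window, not a value from the advisory

# Constructed sample records: (ts, src, sport, dst, dport, tcp_flags, seq)
SAMPLE = [
    (0.00, "192.0.2.10", 40000, "198.51.100.5", 80, SYN, 1000),
    (0.01, "192.0.2.10", 40000, "198.51.100.5", 80, SYN, 1000),      # plain retransmit
    (0.00, "192.0.2.11", 40001, "198.51.100.5", 80, SYN, 5000),
    (0.02, "192.0.2.11", 40001, "198.51.100.5", 80, SYN, 9000),      # same tuple, new seq
    (0.03, "198.51.100.5", 80, "192.0.2.11", 40001, SYN | ACK, 77),  # SYN/ACK is ignored
    (0.00, "192.0.2.12", 40002, "198.51.100.5", 80, SYN, 42),
    (90.0, "192.0.2.12", 40002, "198.51.100.5", 80, SYN, 4242),      # port reuse, outside window
]


def conflicting_syns(packets, window=WINDOW):
    """Return {flow_tuple: sorted distinct sequence numbers} for flows that
    saw SYN-only packets with different sequence numbers within `window` seconds."""
    syns = defaultdict(list)
    for ts, src, sport, dst, dport, flags, seq in packets:
        # Only client SYNs count: SYN set, ACK clear.
        if flags & SYN and not flags & ACK:
            syns[(src, sport, dst, dport)].append((ts, seq))

    hits = {}
    for flow, seen in syns.items():
        seen.sort()
        for i, (ts, _) in enumerate(seen):
            # Sequence numbers of every SYN that falls inside the window starting here.
            near = {s for t, s in seen[i:] if t - ts <= window}
            if len(near) > 1:   # a retransmitted SYN repeats its seq, so it never trips this
                hits[flow] = sorted(near)
                break
    return hits


if __name__ == "__main__":
    for flow, seqs in conflicting_syns(SAMPLE).items():
        print(flow, "SYN sequence numbers:", seqs)
```

Flows reported here are candidates for review on a sensor that has not yet been upgraded; legitimate source-port reuse can also produce a second SYN with a new sequence number, which is why the time window is kept short.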

Solution

Upgrade Suricata to 7.0.12, 8.0.1 or higher.

See Also

http://www.nessus.org/u?24ff48a9

http://www.nessus.org/u?1c6cd6ea

http://www.nessus.org/u?ba1eac3c

https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018

Plugin Details

Severity: High

ID: 269721

File Name: suricata_CVE-2025-59147.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 10/8/2025

Updated: 10/8/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2025-59147

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerability Information

CPE: cpe:/a:oisf:suricata

Required KB Items: installed_sw/Open Information Security Foundation Suricata

Patch Publication Date: 9/1/2025

Vulnerability Publication Date: 10/1/2025

Reference Information

CVE: CVE-2025-59147