CVE-2025-29915Improper Verification of Cryptographic Signature in Suricata

CWE-347Improper Verification of Cryptographic Signature4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 65.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oisf Suricata
Timeline
PublishedApr 10

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5oisf/suricata< 7.0.9
NVDoisf/suricata< 7.0.9
Debianoisf/suricata< 1:7.0.9-1+1

Patches

Patch: github.com

🔴Vulnerability Details

2
CVEList
Suricata af-packet: defrag option can lead to truncated packets affecting visibility2025-04-10
OSV
CVE-2025-29915: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine2025-04-10

📋Vendor Advisories

1
Debian
CVE-2025-29915: suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System an...2025
CVE-2025-29915 — Oisf Suricata vulnerability | cvebase