cbcvebase.
CVE-2025-29918
published 2025-04-10

CVE-2025-29918: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to…

PriorityP423medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
EPSS
0.22%
12.8th percentile
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.

Affected

5 ranges
VendorProductVersion rangeFixed in
debiansuricata< suricata 1:6.0.1-3+deb11u1 (bullseye)suricata 1:6.0.1-3+deb11u1 (bullseye)
oisfsuricata< 7.0.97.0.9
oisfsuricata>= 0 < 1:6.0.1-3+deb11u11:6.0.1-3+deb11u1
oisfsuricata>= 0 < 1:7.0.9-11:7.0.9-1
oisfsuricata>= 0 < 1:7.0.9-11:7.0.9-1

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM
vendor_debian6.2MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.