CVE-2025-59148

Name: CVE-2025-59148
Creator: NVD / NIST
Published: 2025-10-01T20:18:38.48+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.40%

Last modified Jun 17, 2026

CVE-2025-59148 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. EPSS estimates a 0.40% chance of exploitation in the next 30 days.

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.40%

31.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-476

Affected Software

Vendor	Product	Versions
Oisf	Suricata	8.0.0

References

https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018Release Notes
https://github.com/OISF/suricata/commit/9f32550e18f97ea5d610dd7c36aab0ba142c096cPatch
https://github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3Issue Tracking, Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/7838Issue Tracking

Timeline

Published: Oct 1, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-59148?

How severe is CVE-2025-59148?

CVE-2025-59148 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.

How do I fix CVE-2025-59148?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-59148?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST