vulnerability

Debian: CVE-2025-29915: suricata -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:C/A:N)	Apr 10, 2025	May 15, 2025	May 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:N)

Published

Apr 10, 2025

Added

May 15, 2025

Modified

May 27, 2025

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

Solution

no-fix-debian-deb-package

References

CVE-2025-29915
https://attackerkb.com/topics/CVE-2025-29915

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today