How to fix EUVD-2025-33225?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Is Null Pointer Dereference affected by EUVD-2025-33225?

Organizations using Suricata face notable risk from CVE-2025-59148, a null pointer dereference vulnerability rated CVSS 7.5. Exploitation could compromise the security of affected deployments. A patch is available and should be applied as part of regular vulnerability management.

EUVD-2025-33225

| CVE-2025-59148 HIGH

2025-10-01 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 18:18 euvd

EUVD-2025-33225

Analysis Generated

Mar 13, 2026 - 18:18 vuln.today

Patch Released

Oct 06, 2025 - 16:59 nvd

Patch available

CVE Published

Oct 01, 2025 - 20:18 nvd

HIGH 7.5

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.

Analysis

Technical Context

A NULL pointer dereference occurs when the application attempts to use a pointer that has not been initialized or has been set to NULL.

Affected Products

Affected products: Oisf Suricata 8.0.0

Remediation

A vendor patch is available — apply it immediately. Add NULL checks before pointer dereference operations. Use static analysis to identify potential NULL pointer issues. Enable compiler warnings.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

Vendor Status

Ubuntu

Priority: Medium

suricata

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	not-affected	debian: Vulnerable code never present in a Debian released version, 8.0.x only issue
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

suricata

Release	Status	Fixed Version	Urgency
bullseye	fixed	1:6.0.1-3	-
bullseye (security)	fixed	1:6.0.1-3+deb11u1	-
bookworm	fixed	1:6.0.10-1	-
trixie	fixed	1:7.0.10-1+deb13u2	-
forky, sid	fixed	1:8.0.3-1	-
(unstable)	not-affected	-	-

EUVD-2025-33225 vulnerability details – vuln.today

Back

EUVD-2025-33225

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-33225

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code