Home > Vulnerability Database > CVE-2025-64330

Mend.io Vulnerability Database

CVE-2025-64330

Good to know:

Date: November 26, 2025

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires the per packet alert queue to be filled with alerts and then followed by a pass rule. This issue has been patched in versions 7.0.13 and 8.0.2. To reduce the likelihood of this issue occurring, the alert queue size a should be increased (packet-alert-max in suricata.yaml) if verdict is enabled.

Severity Score

7.5

Related Resources (4)

Url: https://github.com/OISF/suricata/commit/482e5eac9218d007adbe2410d6c00173368ce947

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64330

Url: https://github.com/OISF/suricata/security/advisories/GHSA-83v7-gm34-f437

Url: https://www.mend.io/vulnerability-database/CVE-2025-64330

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version https://github.com/OISF/suricata.git - suricata-7.0.13;https://github.com/OISF/suricata.git - suricata-8.0.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64330

Good to know:

Date: November 26, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?