
CVE-2025-64335: CWE-476: NULL Pointer Dereference in OISF suricata

Severity: High
Tags: Vulnerability, CVE-2025-64335, CWE-476
Published: Wed Nov 26 2025 (11/26/2025, 22:39:23 UTC)
Source: CVE Database V5
Vendor/Project: OISF
Product: suricata

Description

CVE-2025-64335 is a high-severity vulnerability in Suricata versions 8.0.0 to before 8.0.2, where a NULL pointer dereference occurs when using the entropy keyword with base64_data. This flaw can cause a denial of service by crashing the Suricata process, impacting network intrusion detection and prevention capabilities. The issue requires no authentication or user interaction and can be triggered remotely via crafted network traffic. The vulnerability has been patched in version 8.0.2, and a temporary mitigation is to disable rules combining entropy and base64_data.

AI-Powered Analysis

Last updated: 11/26/2025, 23:09:57 UTC

Technical Analysis

CVE-2025-64335 is a NULL pointer dereference vulnerability identified in the Suricata network IDS/IPS/NSM engine developed by the Open Information Security Foundation (OISF). The flaw exists in Suricata versions from 8.0.0 up to but not including 8.0.2, triggered specifically when the entropy keyword is used in conjunction with base64_data within detection rules. This combination leads to a NULL pointer dereference, causing the Suricata process to crash and resulting in a denial of service (DoS). The vulnerability does not impact confidentiality or integrity but severely affects availability by disrupting network monitoring and intrusion detection capabilities. Exploitation requires no privileges or user interaction and can be performed remotely by sending crafted network traffic that matches the vulnerable rule conditions. Although no known exploits are currently reported in the wild, the high CVSS score of 7.5 reflects the ease of exploitation and significant impact on availability. The issue has been addressed in Suricata version 8.0.2, which corrects the NULL pointer handling. As an interim mitigation, disabling detection rules that use entropy with base64_data can prevent crashes. Suricata is widely used in enterprise and critical infrastructure environments for network security monitoring, making this vulnerability relevant to organizations relying on it for real-time threat detection and prevention.

Potential Impact

For European organizations, the primary impact of CVE-2025-64335 is a denial of service condition that disrupts Suricata’s ability to monitor network traffic effectively. This can lead to blind spots in network security monitoring, increasing the risk of undetected intrusions or attacks. Critical infrastructure sectors such as energy, finance, telecommunications, and government agencies that deploy Suricata for network defense may experience operational interruptions or degraded security posture. The disruption could also affect incident response capabilities and compliance with regulatory requirements for continuous monitoring. Since Suricata is often deployed at network perimeters or within security operations centers, its failure can have cascading effects on overall cybersecurity defenses. The lack of confidentiality or integrity impact means data leakage or manipulation is not a direct concern, but the availability loss alone can be critical in high-security environments.

Mitigation Recommendations

Organizations should immediately upgrade Suricata to version 8.0.2 or later, where the NULL pointer dereference vulnerability is patched. Until patching is possible, administrators should identify and disable any detection rules that use the entropy keyword in conjunction with base64_data to prevent triggering the crash. Regularly review and audit Suricata rule sets to avoid combinations that could cause instability. Implement monitoring and alerting for Suricata process crashes or restarts to detect exploitation attempts promptly. Consider deploying redundant Suricata instances or failover mechanisms to maintain network monitoring continuity during remediation. Additionally, maintain up-to-date backups of configuration and rule sets to facilitate rapid recovery. Engage with OISF community resources and security advisories to stay informed about any emerging exploits or additional mitigations.
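The interim mitigation above asks administrators to find every enabled rule that pairs the entropy keyword with base64_data and to confirm whether a deployed build falls in the affected 8.0.0 to before 8.0.2 range. The following script is an added example written for this page, not code from OISF or from the Suricata project. It parses the option section of each rule with a quote-aware splitter (so a ';' or the word "entropy" inside a msg or content string does not cause a false hit), reports the SIDs of rules that carry both keywords, and emits a copy of the file with those rules commented out. The sample rules are constructed for the example; the argument given to entropy in them is illustrative only, since the audit keys on keyword names, not on option arguments.

```python
"""Audit Suricata rule files for rules that combine entropy with base64_data (CVE-2025-64335)."""
import re
from typing import Iterable, List, Set, Tuple

# Affected range stated in the advisory: 8.0.0 <= version < 8.0.2
AFFECTED_MIN = (8, 0, 0)
FIXED = (8, 0, 2)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '8.0.1' into (8, 0, 1); a trailing suffix such as '-dev' is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognized Suricata version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the given Suricata version is inside the vulnerable range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def split_options(option_body: str) -> List[str]:
    """Split a rule's option body on ';' while respecting double-quoted strings
    and backslash escapes, so content:"a;b" stays one option."""
    parts: List[str] = []
    buf: List[str] = []
    in_quote = escape = False
    for ch in option_body:
        if escape:
            buf.append(ch)
            escape = False
            continue
        if ch == "\\":
            buf.append(ch)
            escape = True
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return [p for p in parts if p]


def rule_options(rule: str) -> List[str]:
    """Return the individual options between the rule's outer parentheses."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    return split_options(rule[start + 1:end])


def keyword_of(option: str) -> str:
    """'entropy:value 7.0' -> 'entropy'; 'base64_data' -> 'base64_data'."""
    return option.split(":", 1)[0].strip().lower()


def find_risky_rules(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (sid, rule) for every enabled rule using both base64_data and entropy."""
    hits: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and already-disabled rules are not a risk
        opts = rule_options(line)
        keywords = {keyword_of(o) for o in opts}
        if "base64_data" in keywords and "entropy" in keywords:
            sid = next((o.split(":", 1)[1].strip() for o in opts
                        if keyword_of(o) == "sid"), "?")
            hits.append((sid, line))
    return hits


def disable_rules(lines: Iterable[str], sids: Set[str]) -> List[str]:
    """Return a copy of the rule file with the given SIDs commented out."""
    out: List[str] = []
    for raw in lines:
        line = raw.rstrip("\n")
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            opts = rule_options(stripped)
            sid = next((o.split(":", 1)[1].strip() for o in opts
                        if keyword_of(o) == "sid"), None)
            if sid in sids:
                out.append("# " + line)
                continue
        out.append(line)
    return out


# Constructed sample rules for this example; not taken from any vendor ruleset.
SAMPLE_RULES = """\
# constructed sample ruleset
alert http any any -> any any (msg:"base64 body, high entropy"; http.request_body; base64_decode:bytes 64,offset 0; base64_data; entropy:value 7.0; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"entropy on raw payload; text mentions base64_data"; content:"foo;bar"; entropy:value 6.5; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"base64 data without entropy"; base64_decode:bytes 32,offset 0; base64_data; content:"MZ"; sid:1000003; rev:1;)
# alert tcp any any -> any any (msg:"already disabled"; base64_data; entropy:value 5.0; sid:1000004; rev:1;)
"""

if __name__ == "__main__":
    for ver in ("7.0.11", "8.0.1", "8.0.2"):
        print(f"Suricata {ver}: {'AFFECTED' if is_affected(ver) else 'not affected'}")
    risky = find_risky_rules(SAMPLE_RULES.splitlines())
    print("rules to disable until 8.0.2:", [sid for sid, _ in risky])
    print("\n".join(disable_rules(SAMPLE_RULES.splitlines(), {sid for sid, _ in risky})))
```

Run it against a real rules directory by replacing SAMPLE_RULES with the contents of each .rules file; only SID 1000001 is reported for the sample, because SID 1000002 merely mentions base64_data in its message text and SID 1000004 is already commented out.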


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-30T17:40:52.030Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69278547d322a87b22e58f1c

Added to database: 11/26/2025, 10:55:03 PM

Last enriched: 11/26/2025, 11:09:57 PM

Last updated: 11/27/2025, 12:01:05 AM
