CVE-2025-29918: 
Suricata vulnerability analysis and mitigation

Suricata, a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine, was found to contain a vulnerability identified as CVE-2025-29918. The vulnerability was disclosed on April 10, 2025, where a PCRE rule could be written that leads to an infinite loop when negated PCRE is used. This security issue affects Suricata versions prior to 7.0.9 (NVD, GitHub Advisory).

The vulnerability is classified as CWE-835 (Loop with Unreachable Exit Condition - 'Infinite Loop'). It received a CVSS v3.1 base score of 6.2 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical issue occurs when negated PCRE is used in combination with other relative payload content keywords, which can trigger an infinite loop condition (GitHub Commit).

When exploited, this vulnerability causes the packet processing thread to become stuck in an infinite loop, which significantly impacts the system's visibility and availability, particularly when operating in inline mode. The CVSS scoring indicates high impact on availability while maintaining no direct impact on confidentiality or integrity (GitHub Advisory).

The vulnerability has been fixed in Suricata version 7.0.9. Users are advised to upgrade to this version or later to mitigate the issue. The fix involves modifying the PCRE detection engine to prevent multiple occurrence searches for negated PCRE patterns (GitHub Advisory).