Skip to main content

HDF5 CVE-2025-6269

| EUVD-2025-18690 LOW
Buffer Overflow (CWE-119)
2025-06-19 cna@vuldb.com
Buffer Overflow
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Ubuntu
MEDIUM
qualitative
SUSE
4.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 1.9 (LOW)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 00:08 euvd
EUVD-2025-18690
Analysis Generated
Mar 15, 2026 - 00:08 vuln.today
PoC Detected
Jul 02, 2025 - 19:01 vuln.today
Public exploit code
CVE Published
Jun 19, 2025 - 16:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Analysis

A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Vendor StatusVendor

Ubuntu

Priority: Medium
hdf5
Release Status Version
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
bionic not-affected code not present
focal needed -
jammy needed -
noble needed -
trusty not-affected code not present
upstream released 2.0.0
questing needed -
xenial not-affected code not present

Debian

Bug #1108155
hdf5
Release Status Fixed Version Urgency
bullseye vulnerable 1.10.6+repack-4+deb11u1 -
bookworm vulnerable 1.10.8+repack1-1 -
trixie vulnerable 1.14.5+repack-3 -
forky, sid vulnerable 1.14.6+repack-2 -
(unstable) fixed (unfixed) unimportant

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise High Performance Computing 12 SP5 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Fixed

Share

CVE-2025-6269 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy