Skip to main content

HDF5 CVE-2025-6270

| EUVD-2025-18688 LOW
Buffer Overflow (CWE-119)
2025-06-19 cna@vuldb.com
Buffer Overflow
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Ubuntu
MEDIUM
qualitative
SUSE
4.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 1.9 (LOW)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 00:08 euvd
EUVD-2025-18688
Analysis Generated
Mar 15, 2026 - 00:08 vuln.today
PoC Detected
Jan 23, 2026 - 20:49 vuln.today
Public exploit code
CVE Published
Jun 19, 2025 - 17:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Analysis

A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Vendor StatusVendor

Ubuntu

Priority: Medium
hdf5
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
trusty not-affected code not present
xenial not-affected code not present
upstream released 2.0.0
questing needs-triage -

Debian

Bug #1108156
hdf5
Release Status Fixed Version Urgency
bullseye vulnerable 1.10.6+repack-4+deb11u1 -
bookworm vulnerable 1.10.8+repack1-1 -
trixie vulnerable 1.14.5+repack-3 -
forky, sid vulnerable 1.14.6+repack-2 -
(unstable) fixed (unfixed) unimportant

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise High Performance Computing 12 SP5 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Fixed

Share

CVE-2025-6270 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy