Skip to main content

HDF5 CVE-2025-6516

| EUVD-2025-18903 LOW
Buffer Overflow (CWE-119)
2025-06-23 cna@vuldb.com
Buffer Overflow
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Ubuntu
MEDIUM
qualitative
SUSE
4.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 1.9 (LOW)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 22:10 euvd
EUVD-2025-18903
Analysis Generated
Mar 15, 2026 - 22:10 vuln.today
PoC Detected
Jun 26, 2025 - 12:25 vuln.today
Public exploit code
CVE Published
Jun 23, 2025 - 17:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Analysis

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Vendor StatusVendor

Ubuntu

Priority: Medium
hdf5
Release Status Version
focal needed -
jammy needed -
noble needed -
bionic not-affected code not present
oracular ignored end of life, was needs-triage
questing needed -
plucky ignored end of life, was needs-triage
trusty not-affected code not present
xenial not-affected code not present
upstream released 2.0.0

Debian

hdf5
Release Status Fixed Version Urgency
bullseye vulnerable 1.10.6+repack-4+deb11u1 -
bookworm vulnerable 1.10.8+repack1-1 -
trixie vulnerable 1.14.5+repack-3 -
forky, sid vulnerable 1.14.6+repack-2 -
(unstable) fixed (unfixed) unimportant

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise High Performance Computing 12 SP5 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Fixed

Share

CVE-2025-6516 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy