Which versions of HDF5 are affected by CVE-2025-6858?

CVE-2025-6858 is a low-severity vulnerability in A vulnerability (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…. A patch is available.

Is there a public PoC exploit available for CVE-2025-6858?

Yes, a public proof-of-concept exploit is available for CVE-2025-6858. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-6858?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

HDF5 CVE-2025-6858

Q: What is the CVSS score of CVE-2025-6858?

CVE-2025-6858 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2025-19482 LOW

Improper Resource Shutdown or Release (CWE-404)

2025-06-29 cna@vuldb.com

Denial Of Service

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Ubuntu

LOW

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 01:15 euvd

EUVD-2025-19482

Analysis Generated

Mar 16, 2026 - 01:15 vuln.today

PoC Detected

Jul 08, 2025 - 14:38 vuln.today

Public exploit code

CVE Published

Jun 29, 2025 - 11:15 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Analysis

Vendor StatusVendor

Ubuntu

Priority: Low

hdf5

Release	Status	Version
bionic	needed	-
focal	needed	-
jammy	needed	-
noble	needed	-
trusty	needed	-
xenial	needed	-
upstream	released	2.0.0
oracular	ignored	end of life, was needs-triage
questing	needed	-
plucky	ignored	end of life, was needs-triage

Debian

hdf5

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.10.6+repack-4+deb11u1	-
bookworm	vulnerable	1.10.8+repack1-1	-
trixie	vulnerable	1.14.5+repack-3	-
forky, sid	vulnerable	1.14.6+repack-2	-
(unstable)	fixed	(unfixed)	unimportant

CVE-2025-6858 vulnerability details – vuln.today

Back

HDF5 CVE-2025-6858

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code