Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Clear
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Clear
Lifecycle Timeline
3DescriptionCVE.org
Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect response length.
AnalysisAI
Out-of-bounds write and read in Seagate's openSeaChest v25.05.3 affects the --showSCSIDefects diagnostic command, allowing memory corruption when parsing abnormally large SCSI defect list responses. A high-privileged local operator running diagnostics against a physically degraded drive with an excessive defect count, or against a maliciously crafted SCSI device returning an oversized defect response, can trigger limited confidentiality, integrity, and availability impact on the diagnostic host. No public exploit and no active exploitation has been identified at time of analysis; this vulnerability was self-reported by Seagate with a CVSS 4.0 base score of 1.8, reflecting the severe exploitation constraints.
Technical ContextAI
openSeaChest is Seagate's open-source, cross-platform SCSI/ATA/NVMe drive diagnostic utility. The --showSCSIDefects command issues SCSI READ DEFECT DATA commands to enumerate a drive's primary (P-list) and grown (G-list) defect tables. CWE-787 (Out-of-bounds Write) indicates the defect list parser trusts the device-reported response length without enforcing strict buffer boundary checks - when a drive or emulated SCSI device returns a defect list whose length exceeds what the allocation anticipates, the write operation extends beyond the intended buffer. The AT:P (Attack Requirements: Present) component of the CVSS 4.0 vector confirms a specific triggering condition is required: an unusually bad drive or a crafted SCSI device response. No CPE string was provided in the available intelligence data; the affected software version is v25.05.3 across all supported platforms (Windows, Linux, FreeBSD).
Affected ProductsAI
Seagate openSeaChest v25.05.3 on all supported platforms, including Windows, Linux, and FreeBSD, when the --showSCSIDefects command is invoked. The vulnerability is triggered specifically during the SCSI defect list parsing path. No CPE string was included in the provided intelligence. Vendor advisory and software release information are available at https://www.seagate.com/product-security/#security-advisories and https://www.seagate.com/support/software/seachest/. Earlier or later versions are not confirmed affected or unaffected based on available data.
RemediationAI
Monitor the Seagate Product Security advisory page at https://www.seagate.com/product-security/#security-advisories for a patched release of openSeaChest. No specific fixed version number was identified in the provided intelligence data; patch availability is stated per vendor advisory but has not been independently confirmed with an exact release version. As an immediate compensating control, restrict or prohibit execution of the --showSCSIDefects command against any SCSI device of unknown provenance, untrusted origin, or externally sourced hardware - this directly eliminates the AT:P triggering condition. Because openSeaChest requires high privileges to operate, ensuring that only vetted administrators in controlled maintenance or manufacturing environments can invoke it limits exposure without meaningful operational trade-off. Organizations not using SCSI defect diagnostic workflows can disable or remove openSeaChest entirely as a low-cost risk reduction.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34041
GHSA-gh5q-rq4h-5vjq