Which versions of HDF5 are affected by EUVD-2025-19446?

CVE-2025-6816 is a low-severity vulnerability in A vulnerability classified as problematic (CVSS 3.3).. A patch is available.

Is there a public PoC exploit available for EUVD-2025-19446?

Yes, a public proof-of-concept exploit is available for EUVD-2025-19446. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-19446?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

HDF5 EUVD-2025-19446

Q: What is the CVSS score of EUVD-2025-19446?

EUVD-2025-19446 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2025-6816 LOW

Buffer Overflow (CWE-119)

2025-06-28 cna@vuldb.com

Buffer Overflow

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Ubuntu

LOW

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 01:05 euvd

EUVD-2025-19446

Analysis Generated

Mar 16, 2026 - 01:05 vuln.today

PoC Detected

Jul 01, 2025 - 17:32 vuln.today

Public exploit code

CVE Published

Jun 28, 2025 - 08:15 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Analysis

Vendor StatusVendor

Ubuntu

Priority: Low

hdf5

Release	Status	Version
xenial	not-affected	code not present
jammy	needed	-
noble	needed	-
oracular	ignored	end of life, was needs-triage
bionic	not-affected	code not present
focal	needed	-
questing	needed	-
trusty	not-affected	code not present
plucky	ignored	end of life, was needs-triage
upstream	released	2.0.0

Debian

Bug #1108482

hdf5

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.10.6+repack-4+deb11u1	-
bookworm	vulnerable	1.10.8+repack1-1	-
trixie	vulnerable	1.14.5+repack-3	-
forky, sid	vulnerable	1.14.6+repack-2	-
(unstable)	fixed	(unfixed)	unimportant

EUVD-2025-19446 vulnerability details – vuln.today

Back

HDF5 EUVD-2025-19446

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code