Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Clear
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Clear
Lifecycle Timeline
1DescriptionCVE.org
Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte.
AnalysisAI
Out-of-bounds write in openSeaChest v25.05.3's --showSupportedFormats command allows a high-privileged local attacker to corrupt one byte beyond an allocated buffer by presenting a maliciously crafted NVMe device with a bogus namespace FLBAS (Format LBA Size) value, forcing that byte to 1. Affected platforms include all systems supported by the toolkit. With a CVSS 4.0 score of 1.8, this is a minimal-severity issue requiring both high privileges and a specially crafted physical or emulated NVMe device; no public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
openSeaChest is Seagate's open-source cross-platform CLI toolkit for storage device diagnostics and management. The vulnerable code path is invoked via the --showSupportedFormats subcommand, which reads NVMe namespace metadata including the FLBAS byte - a field encoding the current LBA format index in use. When a malicious NVMe device returns an out-of-range or unexpected FLBAS value, the parsing routine writes one byte past the end of an allocated memory region (CWE-787: Out-of-bounds Write), setting it to the value 1. This is a classic off-by-one boundary error triggered by unsanitized device-supplied data. The CVSS 4.0 vector (AV:L/AC:H/AT:P/PR:H) confirms the vulnerability class: local access, high attack complexity, a specific attack target prerequisite (the crafted NVMe device must be present), and high privilege requirements, all of which bound the realistic exploitation surface sharply.
Affected ProductsAI
Seagate openSeaChest version v25.05.3 is affected across all supported platforms - including Linux, Windows, and other operating systems the toolkit supports, as explicitly stated in the CVE description. No CPE string was provided in the available data. Vendor-authoritative details are published at the Seagate product security advisory page (https://www.seagate.com/product-security/#security-advisories) and the openSeaChest software page (https://www.seagate.com/support/software/seachest/).
RemediationAI
Consult Seagate's security advisory at https://www.seagate.com/product-security/#security-advisories for an updated release. No exact patched version number was confirmed in the available data - the patch status is 'patch available per vendor advisory' but the specific fix version is not independently verified from provided references. As compensating controls pending a confirmed patch: restrict execution of openSeaChest (particularly the --showSupportedFormats subcommand) to only explicitly authorized administrators, reducing exposure from the PR:H prerequisite; enforce OS-level storage device allowlisting (e.g., udev rules on Linux, Windows Device Installation policies) to prevent unauthorized or emulated NVMe devices from being recognized by the system, which directly eliminates the AT:P attack target prerequisite; and audit environments where untrusted storage hardware may be connected. The CVSS vector notes automatic recoverability (R:A), suggesting corruption effects may be transient. No side effects from device allowlisting beyond blocking unapproved hardware attachment are expected.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34045
GHSA-6rch-j2wj-8h2j