CVE-2025-7069

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/HDFGroup/hdf5/issues/5550 Exploit Issue Tracking Third Party Advisory
https://github.com/user-attachments/files/20438481/hdf5_crash_2.txt Exploit
https://vuldb.com/?ctiid.314904 Permissions Required
https://vuldb.com/?id.314904 Third Party Advisory VDB Entry
https://vuldb.com/?submit.602538 Third Party Advisory VDB Entry
https://github.com/HDFGroup/hdf5/issues/5550 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hdfgroup:hdf5:1.14.6:*:*:*:*:*:*:*

History

09 Jul 2025, 17:39

Type Values Removed Values Added
CPE cpe:2.3:a:hdfgroup:hdf5:1.14.6:*:*:*:*:*:*:*
First Time Hdfgroup hdf5
Hdfgroup
References () https://github.com/HDFGroup/hdf5/issues/5550 - () https://github.com/HDFGroup/hdf5/issues/5550 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/user-attachments/files/20438481/hdf5_crash_2.txt - () https://github.com/user-attachments/files/20438481/hdf5_crash_2.txt - Exploit
References () https://vuldb.com/?ctiid.314904 - () https://vuldb.com/?ctiid.314904 - Permissions Required
References () https://vuldb.com/?id.314904 - () https://vuldb.com/?id.314904 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.602538 - () https://vuldb.com/?submit.602538 - Third Party Advisory, VDB Entry

08 Jul 2025, 14:15

Type Values Removed Values Added
References () https://github.com/HDFGroup/hdf5/issues/5550 - () https://github.com/HDFGroup/hdf5/issues/5550 -
Summary
  • (es) Se encontró una vulnerabilidad clasificada como problemática en HDF5 1.14.6. La función H5FS__sect_link_size del archivo src/H5FSsection.c se ve afectada. La manipulación provoca un desbordamiento del búfer en el montón. Es posible lanzar el ataque contra el host local. Se ha hecho público el exploit y puede que sea utilizado.

04 Jul 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-04 21:15

Updated : 2025-07-09 17:39


NVD link : CVE-2025-7069

Mitre link : CVE-2025-7069

CVE.ORG link : CVE-2025-7069


JSON object : View

Products Affected

hdfgroup

  • hdf5
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122

Heap-based Buffer Overflow