← Back to CVEs

CVE-2025-6516

MEDIUM

5.3

Description

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVE Details

CVSS v3.1 Score5.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published6/23/2025

Last Modified4/29/2026

Sourcenvd

Honeypot Sightings0

Affected Products

hdfgroup:hdf5

Weaknesses (CWE)

CWE-119CWE-122CWE-787

References

https://github.com/HDFGroup/hdf5/issues/5581(cna@vuldb.com)

https://github.com/user-attachments/files/20626851/reproduce.tar.gz(cna@vuldb.com)

https://vuldb.com/?ctiid.313636(cna@vuldb.com)

https://vuldb.com/?id.313636(cna@vuldb.com)

https://vuldb.com/?submit.592589(cna@vuldb.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.