CVE-2025-6269

EUVD-2025-18690
A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
hdfgrouphdf5
𝑥
≤ 1.14.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
hdf5
bionic
not-affected
focal
needed
jammy
needed
noble
needed
oracular
ignored
plucky
ignored
questing
needed
resolute
needed
trusty
not-affected
xenial
not-affected
Azure Linux logo
Azure Linux Releases
Azure Package
Release
hdf5
Azure Linux 3.0
0:1.14.6-1.azl3
fixed
CBL-Mariner 2.0
0:1.14.6-1.cm2
fixed