PT-2025-27043 · Hdf5+1 · Hdf5+1

Jjleo · Published 2025-06-27 · Updated 2026-01-16 · CVE-2025-6750

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6
Description: A heap-based buffer overflow issue has been found in the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to this issue, and attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Recommendations: For HDF5 version 1.14.6, consider disabling the H5O__mtime_new_encode function as a temporary workaround until a patch is available. Restrict access to the src/H5Omtime.c file to minimize the risk of exploitation. Avoid using the H5O__mtime_new_encode function in local attacks until the issue is resolved.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

AZL-64422
AZL-64440
CVE-2025-6750
ECHO-C376-97BB-2492
OESA-2026-1005
OESA-2026-1006
OESA-2026-1007
OESA-2026-1131
OESA-2026-1132
OESA-2026-1133

Affected Products

Debian
Hdf5