PT-2025-28020 · Hdf5+1 · Hdf5+1

Jjleo · Published 2025-06-06 · Updated 2026-03-29 · CVE-2025-7067

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6
Description: A problematic vulnerability was found in HDF5, affecting the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. This vulnerability leads to a heap-based buffer overflow. Local access is required to exploit this issue. The exploit has been disclosed to the public.
Recommendations: For HDF5 version 1.14.6, consider disabling the H5FS__sinfo_serialize_node_cb function as a temporary workaround until a patch is available. Restrict local access to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-65157
AZL-65208
BDU:2026-03170
CVE-2025-7067
ECHO-8347-7D53-6029
OESA-2026-1131
OESA-2026-1132
OESA-2026-1133
OESA-2026-1134
OESA-2026-1135

Affected Products

Debian
Hdf5