CVE-2025-6817 | THREATINT

Description

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Eine Schwachstelle wurde in HDF5 1.14.6 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion H5C__load_entry der Datei /src/H5Centry.c. Durch das Manipulieren mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-06-27 | Published 2025-06-28 | Updated 2025-06-28 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

Resource Consumption

Denial of Service

Timeline

2025-06-27:	Advisory disclosed
2025-06-27:	VulDB entry created
2025-06-27:	VulDB entry last update

Credits

JJLeo (VulDB User) reporter

References

vuldb.com/?id.314255 (VDB-314255 | HDF5 H5Centry.c H5C__load_entry resource consumption) vdb-entry technical-description

vuldb.com/?ctiid.314255 (VDB-314255 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.602294 (Submit #602294 | HDFGroup HDF5 hdf5 1.14.6 (commit 17c16b6) Uncontrolled Memory Allocation) third-party-advisory

github.com/HDFGroup/hdf5/issues/5572 issue-tracking

github.com/user-attachments/files/20623368/hdf5_crash_4.txt exploit

cve.org (CVE-2025-6817)

nvd.nist.gov (CVE-2025-6817)

Download JSON