CVE-2025-2153
Published: 10 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-2153 is a critical heap-based buffer overflow vulnerability in HDF5 version 1.14.6, affecting the H5SM_delete function within the H5SM.c file of the h5 File Handler component. The issue, tied to CWE-119 (improper restriction of operations within bounds), CWE-122 (heap-based buffer overflow), and CWE-787 (out-of-bounds write), was published on 2025-03-10 and carries a CVSS v3.1 base score of 5.0 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by an unauthenticated attacker, though exploitation demands high attack complexity and user interaction. Successful exploitation triggers a heap-based buffer overflow, potentially leading to limited impacts on confidentiality, integrity, and availability, such as partial data disclosure, modification, or denial of service.
Advisories reference a GitHub issue at https://github.com/HDFGroup/hdf5/issues/5329 detailing the flaw, a public proof-of-concept crash file at https://github.com/sae-as-me/Crashes/raw/refs/heads/main/hdf5/h5_extended_crash.h5, and VulDB entries at https://vuldb.com/?ctiid.299064, https://vuldb.com/?id.299064, and https://vuldb.com/?submit.510819. The exploit has been publicly disclosed and may be usable by attackers.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The heap-based buffer overflow in the HDF5 file handler is triggered by processing a specially crafted .h5 file. Because exploitation requires a user to open the malicious file, it maps directly to the Malicious File sub-technique.