CVE-2025-2309
Published: 14 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-2309 is a heap-based buffer overflow in HDF5 1.14.6, located in the H5T__bit_copy function of the Type Conversion Logic component. Published on 2025-03-14, it is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). The overflow is triggered by feeding the function crafted input, in practice a malicious HDF5 file that the library's type-conversion code processes; the write lands outside a heap-allocated buffer.
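What the bug class named above looks like in code, and how the bounds check that prevents it is written, as an added illustration: the block below was written for this page, is not HDF5's H5T__bit_copy and does not reproduce CVE-2025-2309. The dt_layout structure, its fields, the sample element bytes and every function name are invented for the illustration; only the pattern (a bit-level copy steered by offsets and widths read from an untrusted file) is the point.

```c
/* Constructed illustration of the CWE-122 pattern in a bit-level copy helper
 * driven by a file-supplied datatype layout. This is NOT HDF5's H5T__bit_copy
 * and does not reproduce CVE-2025-2309; names and fields are invented. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical datatype layout as a file might declare it: the value occupies
 * `precision` bits starting at bit `offset` inside each `elem_bytes`-byte
 * element. Nothing here has been validated yet. */
struct dt_layout {
    size_t elem_bytes;
    size_t offset;
    size_t precision;
};

/* Low-level copier: moves n bits from src[src_off..] to dst[dst_off..], one
 * bit at a time. Like any such helper it trusts its arguments, so every caller
 * must prove that both bit ranges lie inside their buffers. */
static void bit_copy(uint8_t *dst, size_t dst_off,
                     const uint8_t *src, size_t src_off, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        size_t s = src_off + i, d = dst_off + i;
        if ((src[s >> 3] >> (s & 7)) & 1u)
            dst[d >> 3] |= (uint8_t)(1u << (d & 7));
        else
            dst[d >> 3] &= (uint8_t)~(1u << (d & 7));
    }
}

/* Vulnerable normalisation: allocates a destination element from elem_bytes,
 * then lets the file-supplied offset/precision steer the copy. A layout that
 * declares precision > 8 * elem_bytes writes past the end of the heap block
 * (CWE-122 / CWE-787); the source read overruns as well. */
int normalise_trusting(const struct dt_layout *l, const uint8_t *src, uint8_t **out)
{
    uint8_t *dst = calloc(l->elem_bytes, 1);
    if (!dst) return -1;
    bit_copy(dst, 0, src, l->offset, l->precision);   /* no bounds check */
    *out = dst;
    return 0;
}

/* Reject any layout whose bit range does not fit inside the element. The
 * subtraction form avoids the size_t wrap that `offset + precision <= bits`
 * would let a hostile file exploit. */
int layout_is_sane(const struct dt_layout *l)
{
    if (l->elem_bytes == 0 || l->elem_bytes > SIZE_MAX / 8) return 0;
    size_t bits = l->elem_bytes * 8;
    if (l->offset >= bits) return 0;
    if (l->precision == 0 || l->precision > bits - l->offset) return 0;
    return 1;
}

/* Hardened normalisation: validate before the first write. */
int normalise_checked(const struct dt_layout *l, const uint8_t *src, uint8_t **out)
{
    if (!layout_is_sane(l)) return -1;        /* refuse the file, do not copy */
    return normalise_trusting(l, src, out);   /* bounds are now proven */
}

/* Convenience wrapper: run the checked path on one element and return the
 * normalised value as a little-endian integer, or -1 if the layout was
 * rejected (elem_bytes must be <= 7 so the result fits in a long long). */
long long normalise_checked_value(size_t elem_bytes, size_t offset,
                                  size_t precision, const uint8_t *src)
{
    struct dt_layout l = { elem_bytes, offset, precision };
    uint8_t *out = NULL;
    if (elem_bytes > 7 || normalise_checked(&l, src, &out) != 0) return -1;
    long long v = 0;
    for (size_t i = 0; i < elem_bytes; i++) v |= (long long)out[i] << (8 * i);
    free(out);
    return v;
}

int main(void)
{
    /* Constructed 2-byte element: bits 3..7 set, everything else clear. */
    const uint8_t elem[2] = { 0xF8, 0x00 };
    printf("sane layout  -> %lld\n", normalise_checked_value(2, 3, 5, elem));   /* 31 */
    printf("lying layout -> %lld\n", normalise_checked_value(2, 0, 64, elem));  /* -1 */
    /* normalise_trusting(&(struct dt_layout){ 2, 0, 64 }, elem, &p) would write
     * 8 bytes into a 2-byte heap block; build with -fsanitize=address to see
     * the heap-buffer-overflow report. */
    return 0;
}
```

The cheapest way to see the difference is to compile with -fsanitize=address and call normalise_trusting with the lying layout; AddressSanitizer reports the write past the 2-byte allocation immediately, which is the same instrumentation a practitioner would use to confirm whether an application built against HDF5 1.14.6 reaches the vulnerable path.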
The CVSS v3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, which gives a base score of 5.3, a Medium rating. AV:L means the attacker needs a local foothold or, as is usual for file-format bugs, must get a crafted file opened by an application that links HDF5; PR:L means low privileges suffice, attack complexity is low (AC:L) and no user interaction is required (UI:N). Scope is unchanged and the confidentiality, integrity and availability impacts are each rated low, so a successful exploit is expected to yield limited data exposure or modification, or a denial of service, confined to the affected process.
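To check that the vector and the score quoted above agree, here is an added CVSS v3.1 base-score calculator written for this page (it is not part of the advisory or of HDF5). The metric weights, the Impact/Exploitability formulas and the Roundup rule are those of the CVSS v3.1 specification; the AV:N vector scored alongside is a hypothetical variant added only to show how much of the 5.3 comes from the local attack vector.

```c
/* CVSS v3.1 base-score calculator, added here to check the vector on this page.
 * Not part of the advisory or of HDF5. Weights, formula and rounding follow the
 * CVSS v3.1 specification (base metrics equations and the severity table). */
#include <stdio.h>
#include <string.h>

/* Roundup() as defined by CVSS v3.1: round up to one decimal place via integer
 * arithmetic so that e.g. 4.000000001 becomes 4.0, not 4.1. No libm needed. */
static double cvss_roundup(double d)
{
    long i = (long)(d * 100000.0 + 0.5);
    if (i % 10000 == 0) return i / 100000.0;
    return (i / 10000 + 1) / 10.0;
}

/* Weight for one metric value; -1.0 marks an invalid letter. */
static double weight(const char *key, char v, int scope_changed)
{
    if (!strcmp(key, "AV")) return v == 'N' ? 0.85 : v == 'A' ? 0.62 : v == 'L' ? 0.55 : v == 'P' ? 0.20 : -1.0;
    if (!strcmp(key, "AC")) return v == 'L' ? 0.77 : v == 'H' ? 0.44 : -1.0;
    if (!strcmp(key, "PR")) {
        if (v == 'N') return 0.85;
        if (v == 'L') return scope_changed ? 0.68 : 0.62;
        if (v == 'H') return scope_changed ? 0.50 : 0.27;
        return -1.0;
    }
    if (!strcmp(key, "UI")) return v == 'N' ? 0.85 : v == 'R' ? 0.62 : -1.0;
    /* C, I and A share one scale */
    return v == 'H' ? 0.56 : v == 'L' ? 0.22 : v == 'N' ? 0.0 : -1.0;
}

/* Base score for a vector such as "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
 * (an optional "CVSS:3.1/" prefix is tolerated). Returns -1.0 if any of the
 * eight base metrics is missing or malformed. */
double cvss31_base_score(const char *vector)
{
    static const char *keys[8] = { "AV", "AC", "PR", "UI", "S", "C", "I", "A" };
    char buf[128], vals[8] = { 0 };
    if (strlen(vector) >= sizeof buf) return -1.0;
    strcpy(buf, vector);

    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (!colon || colon[1] == '\0' || colon[2] != '\0') continue; /* skips "CVSS:3.1" */
        *colon = '\0';
        for (int k = 0; k < 8; k++)
            if (!strcmp(tok, keys[k])) vals[k] = colon[1];
    }
    for (int k = 0; k < 8; k++)
        if (vals[k] == 0) return -1.0;
    if (vals[4] != 'U' && vals[4] != 'C') return -1.0;
    int changed = (vals[4] == 'C');

    double w[8] = { 0 };
    for (int k = 0; k < 8; k++) {
        if (k == 4) continue;                 /* Scope has no weight of its own */
        w[k] = weight(keys[k], vals[k], changed);
        if (w[k] < 0.0) return -1.0;
    }

    double iss = 1.0 - (1.0 - w[5]) * (1.0 - w[6]) * (1.0 - w[7]);
    double impact;
    if (changed) {
        double p = 1.0, base = iss - 0.02;
        for (int i = 0; i < 15; i++) p *= base;   /* (ISS - 0.02)^15 */
        impact = 7.52 * (iss - 0.029) - 3.25 * p;
    } else {
        impact = 6.42 * iss;
    }
    double exploitability = 8.22 * w[0] * w[1] * w[2] * w[3];
    if (impact <= 0.0) return 0.0;

    double raw = changed ? 1.08 * (impact + exploitability) : impact + exploitability;
    return cvss_roundup(raw > 10.0 ? 10.0 : raw);
}

/* Qualitative rating from the CVSS v3.1 severity table. */
const char *cvss31_severity(double score)
{
    if (score <= 0.0) return "None";
    if (score < 4.0)  return "Low";
    if (score < 7.0)  return "Medium";
    if (score < 9.0)  return "High";
    return "Critical";
}

int main(void)
{
    const char *page = "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L";  /* vector from this advisory */
    const char *net  = "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L";  /* hypothetical: same bug, remote */
    double s = cvss31_base_score(page), n = cvss31_base_score(net);
    printf("%s -> %.1f (%s)\n", page, s, cvss31_severity(s));
    printf("%s -> %.1f (%s)\n", net, n, cvss31_severity(n));
    return 0;
}
```

For the page's vector the Impact subscore is 6.42 * (1 - 0.78^3) = 3.373 and Exploitability is 8.22 * 0.55 * 0.77 * 0.62 * 0.85 = 1.835, so the raw sum 5.208 rounds up to 5.3; changing only AV:L to AV:N lifts the score to 6.3, which is why the local attack vector matters when triaging this CVE.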
VulDB reports the exploit as publicly disclosed, with a proof-of-concept on GitHub at https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md. The vendor plans to fix the issue in an upcoming release, but no patch is currently available. Until one ships, treat HDF5 files from untrusted sources as hostile input: restrict who can place files where HDF5-linked applications will open them, run such parsing in an unprivileged or sandboxed process where possible, watch for the fixed release, and test applications built against HDF5 1.14.6 with the published PoC under AddressSanitizer to confirm whether they reach the affected code path.
Details
- CWE(s): CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-122 (Heap-based Buffer Overflow), CWE-787 (Out-of-bounds Write)
Affected Products
- HDF5 1.14.6 (H5T__bit_copy, Type Conversion Logic component)
AI Security Analysis
- AI Category: Data Processing Libraries
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: HDF5 is a widely used library for storing and managing large, complex datasets in scientific computing, including machine learning pipelines that load and process training data from HDF5 files.
MITRE ATT&CK Enterprise Techniques
- T1203 Exploitation for Client Execution
- T1068 Exploitation for Privilege Escalation
- T1499.004 Endpoint Denial of Service: Application or System Exploitation
Why these techniques?
The heap-based buffer overflow in HDF5 type conversion is reached by processing a malicious file locally, which is client-side exploitation in the ATT&CK sense (T1203); arbitrary code execution is the potential consequence of such an overflow rather than a demonstrated one, and the CVSS vector rates each impact as low (C:L/I:L/A:L). T1068 applies where the process parsing the file runs with more privilege than the party that supplied it. The reliably reproducible outcome is a crash of the parsing application, which is endpoint denial of service through application exploitation (T1499.004).