CVE-2025-2153
Published: 10 March 2025
Summary
CVE-2025-2153 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in HDF Group HDF5. Its CVSS base score is 2.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 28.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2153 is a critical heap-based buffer overflow vulnerability in HDF5 version 1.14.6, affecting the H5SM_delete function within the H5SM.c file of the h5 File Handler component. The issue, tied to CWE-119 (improper restriction of operations within bounds), CWE-122 (heap-based buffer overflow), and CWE-787 (out-of-bounds write), was published on 2025-03-10 and carries a CVSS v3.1 base score of 5.0 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by unauthenticated attackers with no privileges required, though it demands high attack complexity and user interaction. Successful exploitation triggers a heap-based buffer overflow, potentially leading to limited impacts on confidentiality, integrity, and availability, such as partial data disclosure, modification, or denial of service.
Advisories reference a GitHub issue at https://github.com/HDFGroup/hdf5/issues/5329 detailing the flaw, a public proof-of-concept crash file at https://github.com/sae-as-me/Crashes/raw/refs/heads/main/hdf5/h5_extended_crash.h5, and VulDB entries at https://vuldb.com/?ctiid.299064, https://vuldb.com/?id.299064, and https://vuldb.com/?submit.510819. The exploit has been publicly disclosed and may be usable by attackers.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7293
Vulnerability details
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The heap-based buffer overflow in the HDF5 file handler is triggered by processing a specially crafted .h5 file. It requires user interaction to open the malicious file, which maps directly to the Malicious File sub-technique.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Flaw remediation requires timely patching of the heap-based buffer overflow in HDF5 1.14.6 H5SM_delete function to eliminate the vulnerability.
Memory protection safeguards like heap randomization and non-executable memory directly counter exploitation of heap buffer overflows.
Information input validation rejects malformed HDF5 files that could trigger the H5SM_delete heap overflow during file handling.