Cyber Resilience

CVE-2025-2309

MediumPublic PoC

Published: 14 March 2025

Published
14 March 2025
Modified
28 May 2025
KEV Added
Patch
CVSS Score v4 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0005 16.2th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2309 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Hdfgroup Hdf5. Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 16.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2309 is a critical heap-based buffer overflow vulnerability affecting HDF5 version 1.14.6, specifically in the H5T__bit_copy function of the Type Conversion Logic component. The issue, published on 2025-03-14, is linked to CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-122 (Heap-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). Manipulation of the function triggers the overflow.

Local access is required for exploitation, targeting systems where an attacker has low privileges (PR:L). The attack has low complexity (AC:L) and needs no user interaction (UI:N), with a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). A successful exploit can lead to limited impacts on confidentiality, integrity, and availability, potentially allowing partial data exposure, modification, or denial of service.

Advisories from VulDB indicate the exploit has been publicly disclosed, including a proof-of-concept on GitHub at https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md. The vendor plans to fix the issue in an upcoming release, but no patch is currently available. Practitioners should restrict local access, monitor for updates, and test applications using HDF5 1.14.6.

EU & UK References

Vulnerability details

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The…

more

exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Heap-based buffer overflow in HDF5 type conversion enables arbitrary code execution via client application exploitation (T1203), potential privilege escalation (T1068), and application crashes for DoS (T1499.004) when processing malicious files locally.

CVEs Like This One

CVE-2025-2310Same product: Hdfgroup Hdf5
CVE-2025-2308Same product: Hdfgroup Hdf5
CVE-2025-2153Same product: Hdfgroup Hdf5
CVE-2026-26200Same product: Hdfgroup Hdf5
CVE-2026-34734Same product: Hdfgroup Hdf5
CVE-2026-3281Shared CWE-119, CWE-122
CVE-2026-25582Shared CWE-119, CWE-122
CVE-2025-2368Shared CWE-119, CWE-122
CVE-2025-2618Shared CWE-119, CWE-122
CVE-2026-0822Shared CWE-119, CWE-122

Affected Assets

hdfgroup
hdf5
1.14.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the heap-based buffer overflow in HDF5 by requiring timely flaw remediation through vendor patches.

prevent

Implements memory protection mechanisms like ASLR and DEP that thwart exploitation of heap buffer overflows in functions like H5T__bit_copy.

prevent

Enforces least privilege to restrict local low-privilege access required for exploiting the vulnerability, limiting the attack surface.

References