Cyber Resilience

CVE-2025-2310

Medium · Public PoC

Published: 14 March 2025

Modified: 28 May 2025
CVSS v4 Score: 4.8
CVSS v4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0004 (13.3th percentile)
Risk Priority: 10 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2310 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Hdfgroup Hdf5. Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 13.3th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2310 is a heap-based buffer overflow vulnerability in the H5MM_strndup function of the Metadata Attribute Decoder component in HDF5 version 1.14.6. Published on 2025-03-14, it is classified as critical and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-122 (Heap-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).

Exploitation requires local access (AV:L) with low privileges (PR:L), low attack complexity (AC:L), and no user interaction (UI:N). Scope is unchanged (S:U) and the impacts to confidentiality, integrity, and availability are low (C:L/I:L/A:L), for an overall CVSS v3.1 base score of 5.3. A proof-of-concept exploit has been publicly disclosed, enabling local attackers to potentially trigger the overflow through crafted manipulation.

Advisories from VulDB (ctiid.299723, id.299723, submit.514533) and a GitHub crash report POC (madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md) indicate that the vendor plans to fix this issue in an upcoming release, with no patch available at publication time.

Vulnerability details

A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Heap-based buffer overflow in HDF5 library enables local arbitrary code execution, facilitating exploitation for privilege escalation.

CVEs Like This One

CVE-2025-2308 (same product: Hdfgroup Hdf5)
CVE-2025-2309 (same product: Hdfgroup Hdf5)
CVE-2025-2153 (same product: Hdfgroup Hdf5)
CVE-2026-26200 (same product: Hdfgroup Hdf5)
CVE-2026-34734 (same product: Hdfgroup Hdf5)
CVE-2025-1788 (shared CWE-119, CWE-122)
CVE-2024-45421 (shared CWE-119, CWE-122)
CVE-2026-1418 (shared CWE-119, CWE-787)
CVE-2026-21236 (shared CWE-122, CWE-787)
CVE-2026-21245 (shared CWE-122, CWE-787)

Affected Assets

Vendor: hdfgroup · Product: hdf5 · Version: 1.14.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly remediates the heap-based buffer overflow in HDF5's H5MM_strndup by identifying, prioritizing, and applying vendor patches when released.

Prevent: Implements memory safeguards like ASLR and DEP to protect against exploitation of the heap buffer overflow triggered by crafted metadata attributes.

Prevent: Validates information inputs to the HDF5 Metadata Attribute Decoder to restrict malformed data that could trigger the H5MM_strndup buffer overflow.
