CVE-2025-2310
Published: 14 March 2025
Summary
CVE-2025-2310 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in HDF Group HDF5. Its CVSS base score is 4.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 13.3 percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2310 is a heap-based buffer overflow vulnerability in the H5MM_strndup function of the Metadata Attribute Decoder component in HDF5 version 1.14.6. Published on 2025-03-14, it is classified as critical and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-122 (Heap-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).
Exploitation requires local access (AV:L) with low privileges (PR:L), low attack complexity (AC:L), and no user interaction (UI:N). Scope is unchanged (S:U) and the impacts to confidentiality, integrity, and availability are low (C:L/I:L/A:L), for an overall CVSS v3.1 base score of 5.3. A proof-of-concept exploit has been publicly disclosed, enabling local attackers to potentially trigger the overflow through crafted manipulation.
Advisories from VulDB (ctiid.299723, id.299723, submit.514533) and a GitHub crash report POC (madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md) indicate that the vendor plans to fix this issue in an upcoming release, with no patch available at publication time.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7561
Vulnerability details
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Heap-based buffer overflow in HDF5 library enables local arbitrary code execution, facilitating exploitation for privilege escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
- Directly remediates the heap-based buffer overflow in HDF5's H5MM_strndup by identifying, prioritizing, and applying vendor patches when released.
- Implements memory safeguards like ASLR and DEP to protect against exploitation of the heap buffer overflow triggered by crafted metadata attributes.
- Validates information inputs to the HDF5 Metadata Attribute Decoder to restrict malformed data that could trigger the H5MM_strndup buffer overflow.