CVE-2025-44904
Published: 30 May 2025
Summary
CVE-2025-44904 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in the HDF Group's HDF5 library. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 45.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16461
Vulnerability details
hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The heap buffer overflow in the HDF5 library enables exploitation for client execution (T1203) via malicious files, or application denial of service (T1499.004), as demonstrated by the crash PoC.
MITRE ATLAS Techniques (AI)
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.