{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6817", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-27T16:52:24.855Z", "datePublished": "2025-06-28T11:31:05.770Z", "dateUpdated": "2025-06-30T16:06:39.966Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-28T11:31:05.770Z"}, "title": "HDF5 H5Centry.c H5C__load_entry resource consumption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "Resource Consumption"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "HDF5", "versions": [{"version": "1.14.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine Schwachstelle wurde in HDF5 1.14.6 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion H5C__load_entry der Datei /src/H5Centry.c. Durch das Manipulieren mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-27T18:57:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JJLeo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.314255", "name": "VDB-314255 | HDF5 H5Centry.c H5C__load_entry resource consumption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314255", "name": "VDB-314255 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.602294", "name": "Submit #602294 | HDFGroup HDF5 hdf5 1.14.6 (commit 17c16b6) Uncontrolled Memory Allocation", "tags": ["third-party-advisory"]}, {"url": "https://github.com/HDFGroup/hdf5/issues/5572", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20623368/hdf5_crash_4.txt", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/HDFGroup/hdf5/issues/5572", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-30T16:06:36.182587Z", "id": "CVE-2025-6817", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T16:06:39.966Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6817", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-27T16:52:24.855Z", "datePublished": "2025-06-28T11:31:05.770Z", "dateUpdated": "2025-06-30T16:06:39.966Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-28T11:31:05.770Z"}, "title": "HDF5 H5Centry.c H5C__load_entry resource consumption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "Resource Consumption"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "HDF5", "versions": [{"version": "1.14.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine Schwachstelle wurde in HDF5 1.14.6 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion H5C__load_entry der Datei /src/H5Centry.c. Durch das Manipulieren mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-27T18:57:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JJLeo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.314255", "name": "VDB-314255 | HDF5 H5Centry.c H5C__load_entry resource consumption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314255", "name": "VDB-314255 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.602294", "name": "Submit #602294 | HDFGroup HDF5 hdf5 1.14.6 (commit 17c16b6) Uncontrolled Memory Allocation", "tags": ["third-party-advisory"]}, {"url": "https://github.com/HDFGroup/hdf5/issues/5572", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20623368/hdf5_crash_4.txt", "tags": ["exploit"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6817", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-30T16:06:36.182587Z"}}}], "references": [{"url": "https://github.com/HDFGroup/hdf5/issues/5572", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T16:06:30.764Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "914439E4-D5A7-444C-A1C4-051519EFF7FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en HDF5 1.14.6. Este problema afecta a la funci\u00f3n H5C__load_entry del archivo /src/H5Centry.c. La manipulaci\u00f3n provoca el consumo de recursos. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-6817", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-28T12:15:20.790", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/HDFGroup/hdf5/issues/5572"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/user-attachments/files/20623368/hdf5_crash_4.txt"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.314255"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.314255"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.602294"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/HDFGroup/hdf5/issues/5572"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "hdf5: HDF5 Resource Consumption Vulnerability", "id": "2375315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375315"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-400|CWE-404)", "details": ["A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.", "A flaw was found in hdf5. The H5C__load_entry function in HDF5 1.14.6 contains an issue that results in resource consumption when processing a specially crafted file. This flaw allows a local attacker to trigger this condition by providing the vulnerable file to the application. This manipulation can lead to excessive resource usage, potentially resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-6817", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "hdf5", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2025-06-28T11:31:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6817\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6817\nhttps://github.com/HDFGroup/hdf5/issues/5572\nhttps://github.com/user-attachments/files/20623368/hdf5_crash_4.txt\nhttps://vuldb.com/?ctiid.314255\nhttps://vuldb.com/?id.314255\nhttps://vuldb.com/?submit.602294"], "threat_severity": "Low"}

{"created": "2025-07-06T22:16:28.528500+00:00", "updated": "2025-07-06T22:16:28.528556+00:00", "vendors": ["hdfgroup", "hdfgroup$PRODUCT$hdf5"]}