CVE-2025-2925

Source
https://cve.org/CVERecord?id=CVE-2025-2925
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2925.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2925
Downstream
Published
2025-03-28T20:00:11Z
Modified
2026-07-08T08:12:01.774371010Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
HDF5 H5MM.c H5MM_realloc double free
Details

A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2925.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-119",
        "CWE-415"
    ]
}
References

Affected packages

Git / github.com/hdfgroup/hdf5

Affected ranges

Type
GIT
Repo
https://github.com/hdfgroup/hdf5
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.14.0"
        },
        {
            "last_affected": "1.14.0"
        },
        {
            "introduced": "1.14.1"
        },
        {
            "last_affected": "1.14.1"
        },
        {
            "introduced": "1.14.2"
        },
        {
            "last_affected": "1.14.2"
        },
        {
            "introduced": "1.14.3"
        },
        {
            "last_affected": "1.14.3"
        },
        {
            "introduced": "1.14.4"
        },
        {
            "last_affected": "1.14.4"
        },
        {
            "introduced": "1.14.5"
        },
        {
            "last_affected": "1.14.5"
        },
        {
            "introduced": "1.14.6"
        },
        {
            "last_affected": "1.14.6"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

1.*
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2925.json"