CVE-2025-2309 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-2309 Interim 1 3 2025-08-05T23:42:06Z current 2025-03-18T00:14:17Z 2025-08-05T23:42:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-2309 A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for HPC 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 openSUSE Leap 15.6 hdf5 hdf5 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS hdf5 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS hdf5 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS hdf5 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS hdf5 as a component of SUSE Linux Enterprise Module for HPC 15 SP6 hdf5 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 hdf5 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 hdf5 as a component of openSUSE Leap 15.6 A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. CVE-2025-2309 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:hdf5 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:hdf5 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:hdf5 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:hdf5 SUSE Linux Enterprise Module for HPC 15 SP6:hdf5 SUSE Linux Enterprise Module for Package Hub 15 SP6:hdf5 SUSE Linux Enterprise Module for Package Hub 15 SP7:hdf5 openSUSE Leap 15.6:hdf5 moderate 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L