CVE-2025-6750: 
NixOS vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability was discovered in HDF5 version 1.14.6, specifically affecting the H5O__mtime_new_encode function in the src/H5Omtime.c file. The vulnerability was identified and disclosed on June 26, 2025, and has been assigned CVE-2025-6750. This security flaw requires local access to exploit and affects the core functionality of the HDF5 database software (GitHub Issue, VulDB Report).

The vulnerability exists in the H5O__mtime_new_encode function within src/H5Omtime.c at line 237:10. It has been assigned a CVSS v3.1 base score of 3.3 (Low) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, and a CVSS v4.0 score of 4.8 (Medium) with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P (NVD, VulDB Report).

The vulnerability primarily affects system availability and can potentially lead to a denial of service (DoS) condition. The impact is considered low severity because the attack vector is local, requiring an attacker to have local access to the system. The vulnerability does not appear to affect the confidentiality or integrity of the system (VulDB Report).

Currently, there are no official fixes or mitigations available for this vulnerability. It is suggested to consider replacing the affected software with an alternative product until a patch is available (VulDB Report).