CVE-2025-6818: 
NixOS vulnerability analysis and mitigation

A vulnerability classified as problematic was discovered in HDF5 version 1.14.6, specifically affecting the function H5O_chunkprotect in the file /src/H5Ochunk.c. The vulnerability was disclosed on June 28, 2025, and involves a heap-based buffer overflow condition that requires local access to exploit. The vulnerability has been assigned CVE-2025-6818 (NVD, Wiz).

The vulnerability manifests as a heap-based buffer overflow in the H5O_chunkprotect function at src/H5Ochunk.c:178:44. The issue has been assigned a CVSS 3.x Base Score of 3.3 (LOW) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L and a CVSS 4.0 score of 4.8 (MEDIUM) with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P. The vulnerability is classified under CWE-122 (Heap-based Buffer Overflow) and CWE-119 (Improper Restriction of Operations within the Bounds of Memory Buffer) (NVD, GitHub Issue).

The heap-based buffer overflow vulnerability primarily affects system availability. The issue can be triggered through local access and may lead to denial of service conditions. The vulnerability impacts the memory handling capabilities of the HDF5 library, potentially causing system instability or crashes (Wiz, GitHub Issue).

Currently, there is no information available about specific countermeasures or patches for this vulnerability. It is recommended to consider replacing the affected component with an alternative product until a fix is available (Wiz).