cve 2025 2923
About this tag
CVE-2025-2923 is a disclosed heap-based buffer overflow vulnerability in the HDF5 library, specifically in the H5F_addr_encode_len function within src/H5Fint.c. The flaw can write past an allocated buffer when processing crafted data, producing a reliable crash; it is rated low-to-medium severity with a local attack vector. A public proof-of-concept and upstream fixes are available, but distribution packaging and backport timelines vary, leaving many deployments exposed until they validate and deploy the upstream changes. The vulnerability affects data ingestion processes that rely on HDF5, making it relevant for users and administrators managing scientific or large-scale data systems on Windows or other platforms.
A heap-based buffer overflow has been disclosed in the HDF5 library: CVE-2025-2923 documents a flaw in the function H5F_addr_encode_len (file src/H5Fint.c) that can write past an allocated buffer when processing crafted data, producing a reliable crash and a low-to-medium severity local attack...