CVE-2025-6858: HDF5 Null Pointer Crash in H5C__flush_single_entry

A null-pointer dereference in the HDF5 C library — specifically in the cache flush routine H5C__flush_single_entry inside src/H5Centry.c — has been cataloged as CVE-2025-6858 and confirmed against HDF5 release 1.14.6, creating a reproducible crash primitive that can be triggered locally and has an available proof-of-concept.

Background​

HDF5 is a ubiquitous binary container and C library used across scientific computing, data analysis, and many enterprise ingestion pipelines to store large arrays and complex metadata. Because it is commonly linked directly into server-side services, analysis tools, and desktop utilities, memory-safety defects inside the library can become practical attack vectors when untrusted files are accepted or processed by a vulnerable build.
CVE-2025-6858 was published following the discovery of a null-pointer dereference in the function H5C__flush_single_entry within src/H5Centry.c in the HDF5 1.14.6 release. Multiple vulnerability trackers, distribution security pages, and the upstream GitHub issue record a reproducible crash and include a crash report or proof-of-concept that demonstrates the condition. The issue was reported publicly and discussed on the HDFGroup repository’s issue tracker. Across public trackers the most common assessment is that the vulnerability is an availability-focused defect (denial-of-service) rather than an immediate data-exfiltration or remote code execution primitive — but practical exposure depends heavily on deployment context (local vs. server-side file ingestion) and whether the vulnerable code path is reachable in a given build.

---

What the public record shows​

• Affected version: HDF5 1.14.6 is specifically referenced in the vulnerability record.
• Vulnerable function: H5C__flush_single_entry in src/H5Centry.c.
• Vulnerability class: NULL pointer dereference (CWE-476, also mapped by trackers to CWE-404 in some cross-listings).
• Attack vector: Local (attack requires the ability to cause the vulnerable code path to execute on the target), though server-side ingestion endpoints that process uploaded HDF5 files can turn the local decoding primitive into a remotely-triggerable Denial-of-Service.
• Exploit maturity: Proof-of-concept (PoC) / crash artifacts exist in the public issue and associated attachments; this materially lowers the barrier to weaponization for DoS.

Multiple distributors (Debian, Ubuntu, SUSE trackers) and commercial scanner entries mirror the upstream description and note the vulnerability’s presence in packaged builds, with distribution-specific status varying from pending to needs evaluation depending on packaging and backport policies.

---

Technical anatomy: where and why the crash occurs​

The code path and immediate cause​

The crash stack trace reported in the upstream GitHub issue shows that the fault occurs at a write to a pointer in H5C__flush_single_entry; the AddressSanitizer trace pinpoints the failing instruction and the trace shows the flow through the cache unprotect/unprotect handling into object protection and file open paths. That means the dereference occurs while the library is manipulating cache entry structures as part of a flush/unprotect sequence. In plain terms: some internal pointer that the flush routine expects to be valid can, under specific malformed or fuzzed input sequences, be NULL. The code dereferences it without a defensive check, producing an immediate segmentation fault (write at a small low address in the zero page), which for typical user-space processes results in a crash and for services results in process termination and possible worker churn or service outage.

How the PoC reproduces the issue​

The reporter attached a sanitized crash artifact and described a reproduction flow using the OSS-Fuzz h5_extended_fuzzer harness. The steps include building HDF5 with sanitizers, linking the fuzz harness, and running a crafted input file that causes the vulnerable path to traverse into H5C__flush_single_entry and trigger the null dereference. This reproducible PoC demonstrates that the condition is reachable with crafted dataset data.

Why NULL dereferences matter in libraries​

A NULL dereference in user-space results in the targeted process aborting. For short-lived command-line tools this may be a nuisance; for long-lived services, multi-threaded workers, or batch ingestion pipelines, deterministic aborts manifest as denial-of-service or degraded performance, and in containerized or multi-tenant environments they can be used for targeted disruption. When services automatically accept, process and store untrusted HDF5 files (uploads, ingestion, preview generation), a local vulnerability in the decoder can become remotely exploitable as a DoS vector.

---

Severity, scoring, and what trackers say​

Different trackers report slightly different numeric scores because they use varying CVSS versions and assessment rules:

• NVD / MITRE: NVD lists the CVE and the textual description; the official NVD enrichment may lag and NVD’s exact numeric CVSSv3/v4 vector was not fully harmonized at the time of early records.
• CVSS / CNAs and third-party databases: Snyk, OpenCVE, and other aggregators list CVSSv4 ~4.8 (Medium) and CVSSv3 around 3.3–5.5 depending on scoring inputs; the dominant factors driving scores are Local attack vector, Low attack complexity, and Low availability impact on a per-instance basis (but higher operational impact in server contexts).
• Distribution trackers: Debian and Ubuntu mark this as low-to-medium priority for packaging teams; Debian’s tracker points to the upstream GitHub issue and classifies the security impact as negligible in its note, though that is a packaging-level judgment reflecting distribution-specific risk and upstream fixes.

Operational takeaway: the numeric CVSS may appear modest for a single-process DoS (CVSSv3 ≈ 3.3 in some trackers), but the real-world urgency depends on whether the vulnerable HDF5 build is used in remote-facing parsing pipelines or long-lived services. Aggregators unanimously mark this as a reproducible crash with an available PoC; that raises urgency for server-side ingestion points or any environment that processes untrusted HDF5 files.

---

Exploitability and attacker model​

• Preconditions: attacker must cause the vulnerable library code path to execute. In the simplest case this means either a local user running a vulnerable binary or a remote user uploading a crafted .h5 file to a service that decodes it with the vulnerable library.
• Privilege level: Low — the defect does not require elevated system privileges to trigger; an unprivileged user or a remote uploader in a web service can cause the process-level crash where the library is used.
• User interaction: None if the service automatically processes uploaded files; otherwise may require convincing a user to open a malicious file locally.
• Likely effects: deterministic Denial-of-Service (process crash). Escalation to remote code execution is not publicly verified and remains speculative; converting a NULL dereference into RCE is generally much harder than with heap overflows or arbitrary writes and would require additional exploitable memory-corruption primitives in the same process and environment. Flag this as unverified unless a multi-stage exploit is demonstrated.

Caution: some commercial trackers list multiple HDF5 CVEs in the same release window (including heap overflows in other functions). These separate memory-safety issues create a larger attack surface overall for HDF5 1.14.6. Security teams should treat the collective presence of multiple, independently exploitable issues in the same release as a compounding risk even if each individual CVE appears low/medium.

---

Vendor and distribution response — status snapshot​

• Upstream GitHub: the reporter filed issue #5576 with a PoC and stack trace; maintainers marked the issue and recorded it as Done, indicating triage and internal handling in the repository. The issue includes crash data and the reporter’s build/repro steps.
• Distributions: Debian, Ubuntu, and SUSE trackers imported the description and flagged packages; status varies by distro branch (some labeled vulnerable/unfixed, others marked as requiring evaluation). Debian’s tracker currently lists packaged versions that remain vulnerable in some release channels and notes the upstream issue reference.
• Commercial scanners: Snyk and other vulnerability databases list the CVE and credit a researcher for the discovery; they currently report no fixed upstream release in some feeds, and advise rebuilds or upstream updates once fixed packages are released by maintainers.

Bottom line: upstream has the issue tracked (public issue with PoC), but as of the capture of public trackers there was not yet a single consolidated upstream point-release guaranteeing the fix across every affected function in 1.14.6. Distributions are at varying stages of packaging and backporting fixes. Administrators should verify vendor changelogs and package metadata before trusting a distribution update to have incorporated the specific fix for H5C__flush_single_entry.

---

Practical mitigation and remediation playbook​

Immediate steps for defenders and integrators:

• Inventory: identify every binary, service, and container image that links (statically or dynamically) against HDF5 1.14.6. Pay special attention to:
• File ingestion services and upload endpoints.
• Image conversion / preview generation pipelines.
• Any toolchains or binaries that process untrusted .h5 files.
• Block or isolate untrusted input:
• If possible, disable automatic processing of uploaded HDF5 files until a patched library is in place.
• Move HDF5 decoding into an isolated, least-privilege worker process or sandboxed container to contain crashes and prevent broad worker pool collapse.
• Patch and rebuild:
• Track the HDF Group’s upstream repository and distribution advisories for a patched release that specifically addresses the H5C__flush_single_entry NULL check.
• Rebuild statically linked artifacts with the patched library; dynamic linking will be remediated by updating the system library package and restarting dependent services.
• Temporary compensations if immediate patching is not possible:
• Sanitize or reject HDF5 inputs from untrusted sources.
• Process untrusted files in ephemeral VMs/containers that can be destroyed after execution.
• Rate-limit or throttle HDF5 decoding tasks to reduce blast radius from repeated crash attempts.
• Monitor and detect:
• Add crash-monitoring and alerting for services that use HDF5 (frequent process restarts, worker churn, or repeated core dumps).
• Inspect application logs and systemd/journal entries for segmentation faults referencing HDF5 symbols or the h5* binaries.
• Verify vendor fixes:
• Confirm that the package changelog or upstream release explicitly references the fix (PR/commit ID or issue #5576) before marking a host as remediated.
• After updating packages, run the original PoC against the patched build in a controlled test environment to confirm that the crash no longer occurs.

---

Detection and hunting guidance​

Indicators and telemetry to prioritize:

• Repeated crashes of HDF5-linked processes (for example, h5dump, custom ingestion workers) with stack traces showing frames inside H5Centry.c or symbols from the HDF5 library.
• Anomalous spike in process terminations or Kubernetes pod restarts correlated to file-upload events targeting an ingestion endpoint.
• Core dumps containing faulting instruction pointers into the HDF5 library; these are high-value forensic artifacts to capture and compare against known PoC behavior.

Operational detection rules (examples):

• Alert when more than N crashes of an HDF5-linked process are observed within M minutes.
• Flag any file uploads that cause immediate worker process termination or core dump generation and quarantine such files for offline analysis.

---

Risk analysis: strengths, limits, and worst-case scenarios​

Strengths of current evidence:

• Reproducible PoC: The upstream issue contains a sanitizer-backed crash trace and reproduction instructions, which makes the bug verifiable by defenders and attackers alike. That reduces uncertainty around existence and exploitability for DoS.
• Multiple independent trackers: NVD, distribution trackers (Debian/Ubuntu/SUSE), and commercial scanners list the same vulnerable function and version, providing cross-verification of the basic facts.

Limitations and open questions:

• No confirmed RCE: Public advisories and trackers uniformly emphasize denial-of-service and do not provide a verified RCE chain for this specific NULL dereference. Escalation to RCE would require additional, separate primitives or favorable memory-allocation conditions and remains speculative without demonstration. Treat RCE claims as unverified until independently reproduced.
• Distribution patch lag: Some distributions may delay packaging or may split fixes across multiple point releases. Operators must confirm the exact commit or PR in their distribution package changelog.

Worst-case scenario:

• If an environment automatically decodes arbitrary untrusted HDF5 files (for example, a cloud ingestion service that opens every uploaded file) and runs a vulnerable HDF5 build in production worker pools, attackers can cause mass worker crashes at scale, producing denial-of-service and potentially triggering cascading failures (overloaded schedulers, auto-scaling churn, or persistent corruption in worker state). This is realistic and has been the primary operational concern raised by trackers.

---

Action checklist (concise)​

• Inventory HDF5 usage across hosts and containers.
• Isolate HDF5 decoding in sandboxed processes or containers.
• Watch distribution advisories for a patched HDF5 package that references the upstream fix/issue #5576; update and rebuild statically linked binaries when available.
• Apply runtime mitigations: restrict file uploads, add rate-limiting, enable crash monitoring, and hold suspicious files offline for analysis.

---

Conclusion​

CVE-2025-6858 is a confirmed, reproducible null-pointer dereference in HDF5’s cache flush code (H5C__flush_single_entry) affecting HDF5 1.14.6. The presence of a PoC and upstream GitHub issue reduces uncertainty: the vulnerability is real, locally exploitable for denial-of-service, and present in several distribution packages until backports or patched releases are applied. For organizations that process untrusted HDF5 files — especially server-side ingestion services, automated conversion pipelines, and shared multi-tenant workloads — this vulnerability should be treated as operationally urgent. Immediate mitigations include isolating HDF5 processing, disabling automatic decoding of external files, monitoring for crashes, and verifying upstream/distribution fixes before redeploying. Administrators should verify patched package changelogs that explicitly reference the upstream issue or commit, rebuild statically linked artifacts with fixed code, and continue to monitor vulnerability trackers for any evidence of escalation beyond denial-of-service. Caveat: claims that the defect trivially leads to remote code execution are not supported by current public advisories and should be treated as speculative until a reliable exploit chain is published and independently validated.

---

Source: MSRC Security Update Guide - Microsoft Security Response Center