Key Vulnerability Information

Advisory Title: (0Day) NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability

Identifiers:
- ZDI-25-1154
- ZDI-CAN-27168
- CVE ID: CVE-2025-14935

CVSS Score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Vendor: NSF Unidata
Affected Product: NetCDF-C

Vulnerability Details:
- This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetCDF-C. The flaw is a heap-based buffer overflow in dimension name parsing, caused by insufficient validation of the length of user-supplied data before it is copied into a heap buffer.
- User interaction is required: the attacker must get the target to visit a malicious page or open a malicious file. Successful exploitation results in code execution in the context of the current user.

Disclosure Timeline:
- Vulnerability reported to vendor: 06/03/2025
- Coordinated public advisory release date: 12/18/2025
- Last advisory update: 12/18/2025

Credit: Discovered by Fady Othman

Mitigation: The recommended mitigation is to restrict interaction with the product to prevent exploitation.
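As an added illustration of the missing check the advisory describes (this is hypothetical code written for this page, not NetCDF-C's implementation and not taken from the advisory), the reader below parses a netCDF-classic-style name field and dimension list and validates the declared name length against both a cap and the bytes actually remaining before any heap allocation or copy. The 4-byte big-endian length and 4-byte padding follow the classic file format; MAX_NAME_LEN, MAX_DIMS and the sample byte arrays are assumed or constructed values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_NAME_LEN 256u   /* assumed cap; not NetCDF-C's value */
#define MAX_DIMS     1024u  /* assumed cap on header entries */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Read one name: 4-byte big-endian length, then the bytes padded to a multiple
 * of 4. Returns a NUL-terminated heap copy and advances *pos, or NULL when the
 * declared length exceeds the cap or the bytes actually remaining. */
char *read_name(const uint8_t *buf, size_t len, size_t *pos)
{
    if (*pos > len || len - *pos < 4) return NULL;  /* no room for length word */
    uint32_t n = be32(buf + *pos);
    *pos += 4;
    if (n > MAX_NAME_LEN) return NULL;              /* oversized name rejected */
    size_t padded = ((size_t)n + 3) & ~(size_t)3;
    if (len - *pos < padded) return NULL;           /* truncated input rejected */
    char *name = malloc((size_t)n + 1);             /* sized from the checked n */
    if (!name) return NULL;
    memcpy(name, buf + *pos, n);                    /* copies exactly n bytes */
    name[n] = '\0';
    *pos += padded;
    return name;
}

/* Walk a dim_list: 4-byte count, then per dimension a name and a 4-byte length.
 * Returns the number of dimensions parsed, or -1 on malformed input. */
int parse_dim_list(const uint8_t *buf, size_t len)
{
    if (len < 4) return -1;
    uint32_t ndims = be32(buf);
    if (ndims > MAX_DIMS) return -1;
    size_t pos = 4;
    for (uint32_t i = 0; i < ndims; i++) {
        char *name = read_name(buf, len, &pos);
        if (!name) return -1;
        free(name);                                 /* validated; not kept here */
        if (len - pos < 4) return -1;               /* missing dimension length */
        pos += 4;
    }
    return (int)ndims;
}

/* Constructed samples: two dims ("x"=10, "time"=unlimited); a name claiming
 * 0x7fffffff bytes; a name claiming 8 bytes with only 4 present. */
static const uint8_t GOOD[] = {0,0,0,2, 0,0,0,1,'x',0,0,0, 0,0,0,10, 0,0,0,4,'t','i','m','e', 0,0,0,0};
static const uint8_t BAD_HUGE[]  = {0,0,0,1, 0x7f,0xff,0xff,0xff,'x',0,0,0};
static const uint8_t BAD_TRUNC[] = {0,0,0,1, 0,0,0,8,'x','y','z','w'};
```

Both malformed samples are rejected before any allocation is sized from the untrusted length, which is the property a hardened parser for this format has to guarantee.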