CVE-2025-1088
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-06-18
Assigner: Grafana Labs
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Grafana occurs when an excessively long Unicode dashboard title or panel name is used, causing Chromium-based browsers to become unresponsive. It is due to improper input validation in Grafana's frontend and affects versions before 11.6.2. The issue was fixed in version 11.6.2 and later. [1]
How can this vulnerability impact me? :
The vulnerability can cause Chromium-based browsers to become unresponsive when viewing Grafana dashboards or panels with excessively long titles or names. This can disrupt user access and interaction with Grafana dashboards, potentially impacting productivity and user experience. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your Grafana instance is running a version prior to 11.6.2 and by identifying dashboards or panels with excessively long Unicode titles or names that may cause Chromium-based browsers to become unresponsive. There are no specific commands provided to detect this vulnerability directly. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Grafana to version 11.6.2 or later, where the issue has been fixed. [1]