CVE-2025-10630
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-19
Assigner: Grafana Labs
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| grafana | grafana-zabbix | * |
| grafana | grafana-zabbix | 6.0.0 |
| grafana | grafana | From 11.6.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Regular Expression Denial of Service (ReDoS) in Grafana-Zabbix plugin versions 5.2.1 and below. It occurs when a user supplies a crafted regex query that causes excessive CPU usage, potentially maxing out the CPU and degrading system performance. The issue is fixed in version 6.0.0.
How can this vulnerability impact me?
The vulnerability can cause the CPU usage to max out when processing malicious regex queries, leading to degraded performance or denial of service conditions in the Grafana-Zabbix plugin, which may affect monitoring and observability capabilities.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Grafana-Zabbix plugin to version 6.0.0 or later, as this version contains the fix for the ReDoS vulnerability present in versions 5.2.1 and below.