Regex DoS in Zabbix Plugin in Grafana
Low
| Advisory ID: | CVE-2025-10630 |
| Published: | 2025-09-19 |
| Last Updated: | 2025-09-24 |
| Product: | Grafana Zabbix Plugin |
| CVSS Score: | 4.3 |
| CVSS Vector: | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Fixed Versions: | >=6.0.2 |
Summary
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring.
Versions 5.2.1 and below contained a ReDoS vulnerability via user-supplied regex query which could cause CPU usage to max out. This vulnerability is fixed in version 6.0.2.
Update: version 6.0.0 included an insufficent fix. Please upgrade to version 6.0.2 or above.