Medium severity 4.3 · OSV Advisory · Published Sep 19, 2025 · Updated Apr 15, 2026
CVE-2025-10630
Description
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a Grafana plugin that visualizes monitoring data from Zabbix and lets users create dashboards for analyzing metrics and real-time monitoring.
Versions 5.2.1 and below contained a regular expression denial of service (ReDoS) vulnerability: a user-supplied regex query could cause CPU usage to max out. This vulnerability is fixed in version 6.0.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/alexanderzobnin/grafana-zabbix (Go) | < 6.0.0 | 6.0.0 |
Affected products (5)
- Range: v2.5.1, v3.0.0-beta1, v3.0.0-beta2, …
- ghsa-coords (4 versions):
  - pkg:golang/github.com/alexanderzobnin/grafana-zabbix
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE) range: < 6.0.0
- (no CPE) range: < 0.0.20251023T162509-150000.1.110.1
- (no CPE) range: < 0.0.20250924T192141-1.1
- (no CPE) range: < 0.0.20251023T162509-150000.1.110.1
References (6)
- github.com/advisories/GHSA-g4rr-88fc-26fj (source: ghsa, type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-10630 (source: ghsa, type: ADVISORY)
- github.com/grafana/grafana-zabbix/releases/tag/v6.0.0 (source: nvd, type: WEB)
- grafana.com/security/security-advisories/cve-2025-10630 (source: ghsa, type: WEB)
- pkg.go.dev/vuln/GO-2025-3976 (source: ghsa, type: WEB)
- grafana.com/security/security-advisories/cve-2025-10630/ (source: nvd)