CVE-2025-10630 MEDIUM

CVE-2025-10630: Regex DoS in Grafana Zabbix Plugin

Vendor Grafana
Product grafana-zabbix-plugin
Weakness CWE-20 · Input validation
Published September 19, 2025
Last update September 24, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a Grafana plugin for visualizing monitoring data from Zabbix and creating dashboards for analyzing metrics and real-time monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via a user-supplied regex query, which could cause CPU usage to max out. This vulnerability is fixed in version 6.0.0.

Key dates

02 Disclosure timeline

September 19, 2025 CVE published
September 24, 2025 Record updated