CVE-2025-1088 LOW

CVE-2025-1088: Very long unicode dashboard title or panel name can hang the frontend

Vendor Grafana
Product Grafana
Weakness CWE-20 · Input validation
Published June 18, 2025
Last update November 23, 2025

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

Key dates

02Disclosure timeline

June 18, 2025 CVE published
November 23, 2025 Record updated