CVE-2025-1088
Published 2025-06-18
CVE-2025-1088: In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation…
Priority P48 low · 2.7 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
EPSS
0.39%
31.2th percentile
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.
This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | grafana_grafana | >= 0 < 0.0.0-20250521211231-e0ba4b480954 | 0.0.0-20250521211231-e0ba4b480954 |
| github.com | grafana_grafana | >= 0.0.1-test < 11.6.2 | 11.6.2 |
| github.com | grafana_grafana | >= 0.0.1-test | — |
| github.com | hashicorp_vault | >= 1.14.8 < 1.20.0 | 1.20.0 |
| grafana | grafana | < 11.6.2 | 11.6.2 |
CVSS provenance
nvd · v3.1 · 2.7 · LOW · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
ghsa · 3.1 · LOW
osv · 2.7 · LOW
vendor_redhat · 3.1 · LOW
OSV
Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana
osv·2025-07-28
CVE-2025-1088 Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana
Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/grafana/grafana before v11.6.2.
GHSA
Vault Community Edition rekey and recovery key operations can cause denial of service
ghsa·2025-06-26·CVSS 3.1
CVE-2025-4656 [LOW] CWE-1088 Vault Community Edition rekey and recovery key operations can cause denial of service
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
OSV
CVE-2025-1088: In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vul
osv·2025-06-18·CVSS 2.7
CVE-2025-1088 [LOW] CVE-2025-1088: In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vul
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
OSV
Grafana long dashboard title or panel name causes unresponsives
osv·2025-06-18
CVE-2025-1088 [LOW] Grafana long dashboard title or panel name causes unresponsives
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.
This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
GHSA
Grafana long dashboard title or panel name causes unresponsives
ghsa·2025-06-18
CVE-2025-1088 [LOW] CWE-20 Grafana long dashboard title or panel name causes unresponsives
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.
This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
Red Hat
github.com/hashicorp/vault: Vault Denial of Service
vendor_redhat·2025-06-25·CVSS 3.1
CVE-2025-4656 [LOW] CWE-1088 github.com/hashicorp/vault: Vault Denial of Service
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
A key handling flaw has been discovered in Vault. The rekey and recovery key operations may lead to a denial of service in the vault application due to uncontrolled cancellations of these operations.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base
Red Hat
grafana: Grafana Improper Input Validation Vulnerability
vendor_redhat·2025-06-18·CVSS 2.7
CVE-2025-1088 [LOW] CWE-20 grafana: Grafana Improper Input Validation Vulnerability
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.
This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
A flaw was found in grafana. Improper input validation of dashboard titles and panel names allows an excessively long string to trigger Chromium browser unresponsiveness. A remote attacker can trigger this condition by providing a crafted dashboard title or panel name. This results in a denial of service affecting the browser rendering Grafana. The vulnerability stems from a lack of bounds checking on user-supplied input.
Mitigation: To mitigate this flaw limit dashboard titles and pan
No detection rules found.
No public exploits indexed.
Published: 2025-06-18