CVE-2025-1088Improper Input Validation in Grafana

CWE-20Improper Input ValidationCWE-1088Synchronous Access of Remote Resource without Timeout9 documents5 sources
Severity
2.7LOWNVD
GHSA3.1
EPSS
0.4%
top 42.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GrafanaGithub.com Grafana Grafana
Timeline
PublishedJun 18
Latest updateJul 28

Description

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5grafana/grafana< 11.6.2
Gogithub.com/grafana_grafana0.0.1-test11.6.2+2

🔴Vulnerability Details

6
OSV
Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana2025-07-28
GHSA
Vault Community Edition rekey and recovery key operations can cause denial of service2025-06-26
OSV
CVE-2025-1088: In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vul2025-06-18
OSV
Grafana long dashboard title or panel name causes unresponsives2025-06-18
CVEList
Very long unicode dashboard title or panel name can hang the frontend2025-06-18

📋Vendor Advisories

2
Red Hat
github.com/hashicorp/vault: Vault Denial of Service2025-06-25
Red Hat
grafana: Grafana Improper Input Validation Vulnerability2025-06-18
CVE-2025-1088 — Improper Input Validation in Grafana | cvebase