CVE-2025-41118P2CRITICALCVSS 9.1fixed in 1.15.2·v1.16.0+1 more2026-04-15
CVE-2025-41118 [CRITICAL] CWE-732 CVE-2025-41118: Pyroscope is an open-source continuous profiling database. The database supports various storage bac
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS).
If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API.
To exploit this vulnerability, an at
nvd