CVE-2025-10630: Grafana-Zabbix ReDoS vulnerability

September 19, 2025 (updated September 26, 2025)

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring.

Versions 5.2.1 and below contained a ReDoS vulnerability via user-supplied regex query which could causes CPU usage to max out. This vulnerability is fixed in version 6.0.0.

References

github.com/advisories/GHSA-g4rr-88fc-26fj
github.com/grafana/grafana-zabbix
github.com/grafana/grafana-zabbix/releases/tag/v6.0.0
grafana.com/security/security-advisories/cve-2025-10630
nvd.nist.gov/vuln/detail/CVE-2025-10630
pkg.go.dev/vuln/GO-2025-3976

Code Behaviors & Features

Detect and mitigate CVE-2025-10630 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →