What is the CVSS score of CVE-2025-1088?

CVE-2025-1088 has a CVSS 3.1 base score of 2.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Grafana are affected by CVE-2025-1088?

CVE-2025-1088 is a low-severity vulnerability involving input validation (CVSS 2.7).. A patch is available.

How to fix or mitigate CVE-2025-1088?

During next maintenance window: Apply vendor patches when convenient. Verify input validation controls are in place.

Grafana CVE-2025-1088

EUVD-2025-18570 LOW

Improper Input Validation (CWE-20)

2025-06-18 security@grafana.com

GHSA-crvv-6w6h-cv34

Grafana Information Disclosure Google Ubuntu Debian Chrome

2.7

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

2.7 LOW

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 14, 2026 - 22:49 euvd

EUVD-2025-18570

Analysis Generated

Mar 14, 2026 - 22:49 vuln.today

CVE Published

Jun 18, 2025 - 10:15 nvd

LOW 2.7

DescriptionCVE.org

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

Analysis

Technical ContextAI

This vulnerability is classified as Improper Input Validation (CWE-20).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

More from same product – last 7 days

CVE-2026-11769 MEDIUM This Month

6.4 Jun 13

Privilege escalation in Grafana Operator (all versions ≤ 5.23) allows any user with Kubernetes RBAC permissions to creat

Vendor StatusVendor

Ubuntu

Priority: Medium

grafana

Release	Status	Version
xenial	needs-triage	-
jammy	DNE	-
noble	DNE	-
oracular	DNE	-
plucky	DNE	-
upstream	needs-triage	-
questing	DNE	-

Debian

grafana

Release	Status	Fixed Version	Urgency
(unstable)	fixed	(unfixed)	-

CVE-2025-1088 vulnerability details – vuln.today

Back

Grafana CVE-2025-1088

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code