What is the CVSS score of EUVD-2025-18570?

EUVD-2025-18570 has a CVSS 3.1 base score of 2.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Grafana are affected by EUVD-2025-18570?

CVE-2025-1088 is a low-severity vulnerability involving input validation (CVSS 2.7).. A patch is available.

How to fix or mitigate EUVD-2025-18570?

During next maintenance window: Apply vendor patches when convenient. Verify input validation controls are in place.

Grafana EUVD-2025-18570

| CVE-2025-1088 LOW

Improper Input Validation (CWE-20)

2025-06-18 security@grafana.com

GHSA-crvv-6w6h-cv34

Grafana Information Disclosure Google Ubuntu Debian Chrome

2.7

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

2.7 LOW

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 14, 2026 - 22:49 euvd

EUVD-2025-18570

Analysis Generated

Mar 14, 2026 - 22:49 vuln.today

CVE Published

Jun 18, 2025 - 10:15 nvd

LOW 2.7

DescriptionCVE.org

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

Analysis

Technical ContextAI

This vulnerability is classified as Improper Input Validation (CWE-20).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

More from same product – last 7 days

CVE-2026-11769 MEDIUM This Month

6.4 Jun 13

Privilege escalation in Grafana Operator (all versions ≤ 5.23) allows any user with Kubernetes RBAC permissions to creat

Vendor StatusVendor

Ubuntu

Priority: Medium

grafana

Release	Status	Version
xenial	needs-triage	-
jammy	DNE	-
noble	DNE	-
oracular	DNE	-
plucky	DNE	-
upstream	needs-triage	-
questing	DNE	-

Debian

grafana

Release	Status	Fixed Version	Urgency
(unstable)	fixed	(unfixed)	-

EUVD-2025-18570 vulnerability details – vuln.today

Back

Grafana EUVD-2025-18570

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code