x/vulndb: potential Go vuln in github.com/alexanderzobnin/grafana-zabbix: GHSA-g4rr-88fc-26fj #3976
Description
Advisory GHSA-g4rr-88fc-26fj references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/alexanderzobnin/grafana-zabbix |
Description:
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring.
Versions 5.2.1 and below contained a ReDoS vulnerability via user-supplied regex query which could causes CPU usage to max out. This vulnerability is fixed in version 6.0.0.
References:
- ADVISORY: GHSA-g4rr-88fc-26fj
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-10630
- WEB: https://github.com/grafana/grafana-zabbix/releases/tag/v6.0.0
- WEB: https://grafana.com/security/security-advisories/cve-2025-10630
No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/alexanderzobnin/grafana-zabbix
non_go_versions:
- fixed: 6.0.0
vulnerable_at: 3.12.4+incompatible
summary: Grafana-Zabbix ReDoS vulnerability in github.com/alexanderzobnin/grafana-zabbix
cves:
- CVE-2025-10630
ghsas:
- GHSA-g4rr-88fc-26fj
references:
- advisory: https://github.com/advisories/GHSA-g4rr-88fc-26fj
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-10630
- web: https://github.com/grafana/grafana-zabbix/releases/tag/v6.0.0
- web: https://grafana.com/security/security-advisories/cve-2025-10630
source:
id: GHSA-g4rr-88fc-26fj
created: 2025-09-19T18:01:29.930377146Z
review_status: UNREVIEWED