CVE-2025-10630: 
vulnerability analysis and mitigation

CVE-2025-10630 affects Grafana-Zabbix, a plugin for Grafana that enables visualization of Zabbix monitoring data and dashboard creation. The vulnerability was discovered and disclosed on September 19, 2025. The affected versions are 5.2.1 and below, with the initial fix released in version 6.0.0, though an updated fix was later provided in version 6.0.2 (Grafana Advisory, NVD).

The vulnerability is classified as a Regular Expression Denial of Service (ReDoS) that occurs when processing user-supplied regex queries. The issue has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. The vulnerability is categorized under CWE-20 (Improper Input Validation) (NVD, Miggo).

When exploited, this vulnerability can cause CPU usage to max out through the processing of malicious regex patterns, potentially leading to a denial of service condition. The impact is limited to availability, with no direct effect on confidentiality or integrity (Grafana Advisory).

The vulnerability has been fixed in Grafana-Zabbix plugin version 6.0.2. The initial fix in version 6.0.0 was found to be insufficient. Users are strongly advised to upgrade to version 6.0.2 or above. The fix includes implementation of regex timeout for compilation and safety checks for pathological patterns (GitHub Release, Grafana Advisory).