
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability has been identified in yarnpkg Yarn versions up to 1.22.22, affecting the setOptions function in src/util/request-manager.js. The vulnerability was discovered and disclosed on August 21, 2025. This security issue impacts the package manager's request handling functionality and affects systems where Yarn package manager is installed (NVD, VulDB).
The vulnerability stems from inefficient regular expression complexity in the setOptions function of src/util/request-manager.js. The issue has been assigned a CVSS v4.0 base score of 4.8 (Medium) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N. Under CVSS v3.1, it received a score of 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (NVD).
The inefficient regular expression can cause performance issues on affected systems. The impact is limited primarily to availability, with no direct effect on confidentiality or integrity. Local access is required to exploit this vulnerability (NVD, VulDB).
As this vulnerability affects a product that is no longer supported by the maintainer, there is no official patch available. Users are advised to consider migrating to supported alternatives or implementing strict access controls to minimize the risk (NVD).
Source: This report was generated using AI