What is CVE-2025-41118?

CVE-2025-41118 is a critical-severity vulnerability in Grafana Pyroscope. CVSS score: 9.1/10. Published 2026-04-15.

How severe is CVE-2025-41118?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Grafana Pyroscope

CVE-2025-41118

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker…

EPSS: 0.000 (3.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Grafana Pyroscope — versions 1.0.0

References

grafana.com/security/security-advisories/cve-2025-41118 (vendor-advisory)

Frequently asked questions

What is CVE-2025-41118?: CVE-2025-41118 is a critical-severity vulnerability in Grafana Pyroscope. CVSS score: 9.1/10. Published 2026-04-15.
How severe is CVE-2025-41118?: Critical severity. CVSS v3 base score is 9.1 out of 10.