LeakyCreds

CVE-2025-41118 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: April 15, 2026

Pyroscope - Information Disclosure

Published: April 15, 2026 | Updated: April 15, 2026 | Remote Exploitable

Overview

Pyroscope versions < 1.15.2, < 1.16.1, and < 1.17.0 contain an information disclosure vulnerability: the secret_key configuration value is exposed via the API when the Tencent COS storage backend is used, allowing attackers with direct API access to extract secret keys.

Severity & Score

Severity: Critical
CVSS Score: 9.1

Impact

Attackers with direct API access can extract secret keys, potentially compromising storage backend security and data confidentiality.

Mitigation

Upgrade to versions 1.15.2, 1.16.1, 1.17.0 or later.

Details

CVE ID: CVE-2025-41118
Severity: Critical
CVSS Score: 9.1
Type: undefined
Status: new

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N