LeakyCreds

CVE-2025-41118 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: April 17, 2026

Pyroscope - Information Disclosure

Published: April 15, 2026 | Updated: April 17, 2026 | Remote Exploitable

Overview

Pyroscope versions < 1.15.2, < 1.16.1, and < 1.17.0 contain an information disclosure vulnerability: when the Tencent COS storage backend is in use, the secret_key configuration value is exposed via the API, letting attackers with direct API access extract secret keys.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 3.1% (Probability of exploitation in next 30 days)

Impact

Attackers with direct API access can extract secret keys, potentially compromising storage backend security and data confidentiality.

Mitigation

Upgrade to versions 1.15.2, 1.16.1, 1.17.0 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Apr 17, 2026

🔓 CVE-2025-41118 - Critical (9.1) Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could ex... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41118/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2025-41118
Severity: Critical
CVSS Score: 9.1
Type: undefined
Status: unconfirmed
EPSS: 3.1%
Social Posts: 1

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

3.1% (Probability of exploitation in the next 30 days)