Issue CVE-2025-68121 - Grafana 10.4.19_security_01-1

J.Wick

J.Wick

Regular Pleskian
Server operating system version
Rocky 8.10 x86_64
Plesk version and microupdate number
18.0.76.3
During session resumption in crypto/TLS, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config. Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
https://www.cve.org/CVERecord?id=CVE-2025-68121
https://www.cve.org/CVERecord?id=CVE-2025-68121

Please fix.
 
Hi, @J.Wick . Our team is already working on addressing the vulnerabilities. The update has already been performed and it is currently in the testing stage, so it should be released soon.
 
You must log in or register to reply here.

Similar threads

M
Issue [CVE-2025-40778] BIND 9 Resolver Enables Cache Poisoning Via Unsolicited Answers
Replies
2
Views
3K
Kaspar
K
R
Resolved CVE-2026-42945 Nginx Rift and older Wordpress Toolkit heads up
Replies
14
Views
4K
rhall
R
M
Issue Plesk showing Cloudflare Origin CA cert, but server still serving Google Trust cert
Replies
3
Views
8K
mauricekindermann
M
N
Issue 421 Misdirected Request on Apache-only Plesk server after recent Apache update (CVE-2025-23048)
Replies
2
Views
9K
NatuurlijkHosting
N
Hangover2
Critical security issue fixed on 24–25 February 2026 (Plesk Obsidian 18.0.75 Update 1 / 18.0.76 Update 2) — request for vulnerability details
Replies
4
Views
5K
Hangover2
Hangover2
Back
Top