CVE-2025-6023
7.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Summary
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.
The open redirect can be chained with path traversal vulnerabilities to achieve XSS.
Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Grafana | Grafana | 12.0.x < 12.0.2+security-01 | affected |
| Grafana | Grafana | 11.6.x < 11.6.3+security-01 | affected |
| Grafana | Grafana | 11.5.x < 11.5.6+security-01 | affected |
| Grafana | Grafana | 11.4.x < 11.4.6+security-01 | affected |
| Grafana | Grafana | 11.3.x < 11.3.8+security-01 | affected |
Weaknesses
- CWE-601: CWE-601
- CWE-79: CWE-79
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://grafana.com/security/security-advisories/cve-2025-6023/
- https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.