CVE-2025-6197

Summary

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.

Prerequisites for exploitation:

  • Multiple organizations must exist in the Grafana instance

  • Victim must be on a different organization than the one specified in the URL

Affected Software

VendorProductVersion RangeStatus
GrafanaGrafana12.0.x < 12.0.2+security-01affected
GrafanaGrafana11.6.x < 11.6.3+security-01affected
GrafanaGrafana11.5.x < 11.5.6+security-01affected
GrafanaGrafana11.4.x < 11.4.6+security-01affected
GrafanaGrafana11.3.x < 11.3.8+security-01affected

Weaknesses

  • CWE-601: CWE-601

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References