CVE-2025-6197
4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.
Prerequisites for exploitation:
Multiple organizations must exist in the Grafana instance
Victim must be on a different organization than the one specified in the URL
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Grafana | Grafana | 12.0.x < 12.0.2+security-01 | affected |
| Grafana | Grafana | 11.6.x < 11.6.3+security-01 | affected |
| Grafana | Grafana | 11.5.x < 11.5.6+security-01 | affected |
| Grafana | Grafana | 11.4.x < 11.4.6+security-01 | affected |
| Grafana | Grafana | 11.3.x < 11.3.8+security-01 | affected |
Weaknesses
- CWE-601: CWE-601
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://grafana.com/security/security-advisories/cve-2025-6197/
- https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.