CVE-2025-3415

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Grafana (affected versions not specified)

Description A medium-severity flaw in Grafana Alerting exposes sensitive DingDing contact point URLs to viewers. This issue may lead to data exposure.

Recommendations Update to a patched version to resolve the issue. As a temporary workaround, consider disabling the DingDing integration until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2025-10637

ALT-PU-2025-10789

BDU:2025-08873

BIT-GRAFANA-2025-3415

CVE-2025-3415

ECHO-D718-2B45-E27B

GHSA-46M5-8HPJ-P5P5

GO-2025-3814

OPENSUSE-SU-2025:15226-1

OPENSUSE-SU-2025:15405-1

SUSE-SU-2025:3817-1

SUSE-SU-2025:3819-1

SUSE-SU-2025:4457-1

SUSE-SU-2025:4458-1

SUSE-SU-2025:4482-1

SUSE-SU-2026:1013-1

SUSE-SU-2026:1037-1

SUSE-SU-2026:1148-1

SUSE-SU-2026:1524-1

Affected Products

Alt Linux

Grafana

Red Os

CVE-2025-3415

Weakness Enumeration

Related Identifiers

Affected Products

References · 219