PT-2025-30012 · Grafana · Grafana Oss

Hoa X. Nguyen · Published 2025-06-11 · Updated 2025-07-31 · CVE-2025-6023

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions:

Grafana OSS versions 11.5.0 through 11.5.5

Grafana OSS versions 11.6.0 through 11.6.2

Grafana OSS versions 11.4.0 through 11.4.5

Grafana OSS versions 11.3.0 through 11.3.7

Description:

An open redirect vulnerability exists in Grafana OSS that can be exploited to achieve cross-site scripting (XSS) attacks. The vulnerability was introduced in Grafana version 11.5.0. The open redirect can be combined with path traversal vulnerabilities to achieve XSS.

Recommendations:

Update to Grafana OSS version 12.0.2+security-01.

Update to Grafana OSS version 11.6.3+security-01.

Update to Grafana OSS version 11.5.6+security-01.

Update to Grafana OSS version 11.4.6+security-01.

Update to Grafana OSS version 11.3.8+security-01.
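As an added example (not code from this advisory, from its author, or from Grafana), the following Python check takes a Grafana OSS version string and decides whether it falls inside one of the affected ranges listed above and which fixed release applies. The ranges and fixed releases are copied from the advisory; the host inventory in the demo is constructed. It treats a pre-release of a fixed version (for example 11.5.6-rc1) as unpatched, since semantic-versioning precedence puts a pre-release below its final release; that is an assumption of this example, not a statement from the advisory.

```python
"""Affected-version check for the Grafana OSS advisory above (added example)."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    prerelease: Optional[str]   # e.g. "rc1" in 11.5.6-rc1
    build: Optional[str]        # e.g. "security-01" in 11.5.6+security-01

    @property
    def core(self) -> Tuple[int, int, int]:
        return (self.major, self.minor, self.patch)


_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)"        # major.minor.patch, optional leading "v"
    r"(?:-([0-9A-Za-z.-]+))?"        # optional pre-release tag
    r"(?:\+([0-9A-Za-z.-]+))?$"      # optional build metadata
)


def parse_version(text: str) -> Version:
    """Parse a semantic version such as '11.6.3+security-01'; raise on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a semantic version: {text!r}")
    major, minor, patch, pre, build = m.groups()
    return Version(int(major), int(minor), int(patch), pre, build)


# Per release line: (lowest affected, highest affected, fixed release), from the advisory.
ADVISORY: Dict[Tuple[int, int], Tuple[Tuple[int, int, int], Tuple[int, int, int], str]] = {
    (11, 3): ((11, 3, 0), (11, 3, 7), "11.3.8+security-01"),
    (11, 4): ((11, 4, 0), (11, 4, 5), "11.4.6+security-01"),
    (11, 5): ((11, 5, 0), (11, 5, 5), "11.5.6+security-01"),
    (11, 6): ((11, 6, 0), (11, 6, 2), "11.6.3+security-01"),
}
# 12.0.2+security-01 is listed as a fixed release; no 12.x range is listed as affected.
LATEST_FIX = "12.0.2+security-01"


class Assessment(NamedTuple):
    version: str
    affected: bool
    recommended: Optional[str]
    note: str


def assess(text: str) -> Assessment:
    """Decide whether one version string is inside an affected range from the advisory."""
    v = parse_version(text)
    line = ADVISORY.get((v.major, v.minor))
    if line is None:
        return Assessment(text, False, None, "release line not listed as affected")
    low, high, fix = line
    if low <= v.core <= high:
        return Assessment(text, True, fix, "within affected range")
    fixed = parse_version(fix)
    if v.core == fixed.core and v.prerelease:
        # Assumption of this example: a pre-release sorts below its final release
        # under semver, so it cannot be assumed to carry the security patch.
        return Assessment(text, True, fix, "pre-release of the fixed version; treat as unpatched")
    return Assessment(text, False, None, "at or above the fixed release")


def affected_hosts(inventory: Dict[str, str]) -> List[Tuple[str, Assessment]]:
    """Return (host, assessment) pairs for every inventory entry that needs an upgrade."""
    return [(host, a) for host, ver in inventory.items() if (a := assess(ver)).affected]


if __name__ == "__main__":
    # Constructed inventory (host -> reported Grafana version), not real data.
    inventory = {
        "grafana-prod-1": "11.5.5",
        "grafana-prod-2": "11.6.3+security-01",
        "grafana-stage":  "v11.4.2",
        "grafana-dev":    "11.5.6-rc1",
        "grafana-lab":    "12.0.1",
    }
    for host, a in affected_hosts(inventory):
        print(f"{host}: {a.version} affected ({a.note}); upgrade to {a.recommended}")
```

Feed it the version strings you already collect from your hosts; anything the function reports as affected maps directly to one of the fixed releases in the recommendations above.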

Tags: Fix · XSS · Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2025-08910
BIT-GRAFANA-2025-6023
CVE-2025-6023
GHSA-VQPH-P5VC-G644
GO-2025-3817

Affected Products

Grafana Oss
Red Os