PT-2025-36525 · Volkov+1 · Business Links Panel For Grafana+1

Kazeruch · Published 2025-09-08 · Updated 2025-09-11 · CVE-2025-58746

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Volkov Labs Business Links panel for Grafana versions prior to 2.4.0
Description: The Volkov Labs Business Links panel for Grafana allows navigation using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary administrative actions. This is possible due to arbitrary JavaScript code injection in the URL field within the [Layout] → [Link] → [URL] configuration.
Recommendations: Update to version 2.4.0 or later.
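
The description above attributes the issue to JavaScript injection through the link URL field. The following is an added example, not the plugin's code and not the 2.4.0 fix: an allowlist check for a user-editable link URL. It assumes the dangerous inputs are script-bearing URL schemes; `classifyLinkUrl`, `rejectedLinks`, the placeholder base origin and the sample link entries are constructed for illustration.

```javascript
// Added example: allowlist check for a user-editable link URL field.
// Assumption: the dangerous inputs are script-bearing URL schemes; the
// advisory does not describe the panel's actual fix.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);
// Placeholder origin, used only to resolve relative dashboard paths.
const BASE = "https://grafana.invalid/";

function classifyLinkUrl(raw) {
  if (typeof raw !== "string" || raw.trim() === "") {
    return { ok: false, reason: "empty" };
  }
  let parsed;
  try {
    // The WHATWG parser lowercases the scheme and strips tabs, newlines and
    // leading control characters, the same normalisation a browser applies,
    // so the check sees the scheme the browser would act on.
    parsed = new URL(raw, BASE);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol}` };
  }
  return { ok: true, reason: "allowed" };
}

// Constructed sample: link entries as an Editor might save them
// (hypothetical shape, not the panel's real option schema).
const sampleLinks = [
  { name: "Docs", url: "https://example.com/docs" },
  { name: "Overview", url: "/d/abc123/overview?from=now-6h" },
  { name: "Mixed case", url: " JaVaScRiPt:void(0)" },
  { name: "Embedded tab", url: "java\tscript:void(0)" },
  { name: "Data URL", url: "data:text/html,<p>x</p>" },
];

// Returns the entries whose URL fails the allowlist, with the reason.
function rejectedLinks(links) {
  return links
    .map((l) => ({ name: l.name, ...classifyLinkUrl(l.url) }))
    .filter((r) => !r.ok);
}

console.log(rejectedLinks(sampleLinks));
```

Parsing before comparing matters here: a string comparison against the raw field would miss the mixed-case and embedded-tab entries, which the parser resolves to the same scheme.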

Exploit · Fix · LPE · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-58746
GHSA-93QJ-GV4P-MF53

Affected Products

Business Links Panel For Grafana
Grafana