CVE-2025-11539

Name of the Vulnerable Software and Affected Versions Grafana Image Renderer versions 1.0.0 through 4.0.16

Description Grafana Image Renderer is susceptible to remote code execution due to an arbitrary file write issue. The /render/csv API endpoint lacks proper validation of the filePath parameter, allowing an attacker to save a shared object to an arbitrary location. This saved object is then loaded by the Chromium process. Successful exploitation requires either the default token (authToken) to be unchanged or known to the attacker, and the attacker must be able to reach the image renderer endpoint.

Recommendations Versions 1.0.0 through 4.0.16 should be updated.