PT-2026-7657 · Grafana+1 · Grafana+1

Published: 2026-02-11 · Updated: 2026-03-11 · CVE-2025-41117

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Grafana (affected versions not specified)

Description

The Explore Traces view in Grafana can render stack traces as raw HTML, potentially allowing malicious JavaScript injection into the browser. This requires malicious JavaScript to be entered into the stack trace field. Only datasources utilizing the Jaeger HTTP API are affected; Jaeger gRPC and Tempo datasources are not impacted.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-02010
BIT-GRAFANA-2025-41117
CVE-2025-41117
GHSA-CQP7-WF4C-3XGC

Affected Products

Grafana
Red Os