Grafana Labs has patched two vulnerabilities, one rated high severity and one medium, that could allow attackers to redirect users to malicious websites and execute arbitrary JavaScript code in the victim's browser.
The vulnerabilities, tracked as CVE-2025-6023 and CVE-2025-6197, affect multiple Grafana releases across the 12.0.x, 11.6.x, 11.5.x, 11.4.x, and 11.3.x branches.
Both flaws were reported through Grafana's bug bounty program; Hoa X. Nguyen of OPSWAT and Dat Phung are credited with the respective discoveries.
Key Takeaways
1. CVE-2025-6023 (XSS) and CVE-2025-6197 (open redirect) in Grafana have been patched.
2. Attackers can redirect users and execute malicious JavaScript in their sessions.
3. Upgrade immediately, or apply the Content Security Policy and ingress mitigations until you can.
High-Severity XSS Vulnerability
The more serious of the two, CVE-2025-6023, carries a CVSS score of 7.6 and is a high-severity cross-site scripting (XSS) vector.
It combines client-side path traversal with an open redirect, allowing an attacker to send users to a malicious site whose content ends up executing arbitrary JavaScript within scripted dashboards.
What makes it particularly dangerous is that exploitation does not require Editor permissions, and if anonymous access is enabled the XSS becomes immediately viable without any credentials.
The vulnerability affects Grafana versions >= 11.5.0 and is a notable risk for Grafana Cloud users, because Grafana Cloud's Content-Security-Policy lacks a connect-src directive, the directive that would stop injected script from fetching external JavaScript.
Attackers need no access of their own to craft the payload, but the victim must be authenticated with at least Viewer permissions (which an anonymous user holds when anonymous access is on) for the JavaScript to execute.
The potential impact includes session hijacking and full account takeover through the injected script.
Medium-Severity Open Redirect Flaw
CVE-2025-6197, with a CVSS score of 4.2, is a medium-severity open redirect in Grafana's organization-switching functionality.
Exploitation requires specific conditions: the Grafana instance must have multiple organizations, the targeted user must be a member of both organizations being switched between, and the attacker must know the ID of the organization the user is currently viewing.
Grafana Cloud users are unaffected by this vulnerability, since the platform does not support Organizations.
Even so, an open redirect can be chained with other weaknesses to reach XSS, as happened in CVE-2025-6023 and in the earlier CVE-2025-4123, so it should not be dismissed as a low-impact bug.
| CVE | Title | Affected Versions | Patched Versions | CVSS 3.1 Score | Severity |
|---|---|---|---|---|---|
| CVE-2025-6023 | XSS via client path traversal and open redirect | >= Grafana 11.5.0 | 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, 11.3.8+security-01 | 7.6 | High |
| CVE-2025-6197 | Open redirect via organization switching | >= Grafana 11.5.0 | 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, 11.3.8+security-01 | 4.2 | Medium |
Patches Available
Grafana Labs has released security patches for all affected branches: Grafana 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, and 11.3.8+security-01.
For organizations unable to upgrade immediately, temporary mitigations are available.
For CVE-2025-6023, administrators can apply a Content Security Policy that includes a connect-src directive, using the CSP template provided in Grafana's advisory.
For CVE-2025-6197, administrators can block Grafana URLs beginning with `/\` (percent-encoded `%2F%5C`) in their ingress configuration, or restrict the instance to a single organization.
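The following is an added example, not code from the Grafana advisory or the Grafana project, that checks whether the two temporary mitigations above are actually in place. It assumes only what the text states: a CSP without connect-src lets injected script fetch external JavaScript, and paths beginning with `/\` (or `%2F%5C`) should be rejected at the ingress. One caveat the advisory summary does not spell out: per the CSP specification, connect-src falls back to default-src when it is absent, so a policy with a restrictive default-src is not "missing" connect-src, and the check below accounts for that. The sample headers are constructed for offline use and are not copied from any real instance; `check_instance_csp` is an optional live probe that assumes the instance is reachable without authentication.

```python
"""Checks for the two CVE mitigations: CSP connect-src and the /\\ ingress rule.

Added example; not the Grafana project's code and not the advisory's template.
"""
from typing import Dict, List, Optional
from urllib.parse import unquote
from urllib.request import urlopen  # used only by the optional live check

# Source expressions that make a directive effectively unrestricted.
WILDCARD_SOURCES = {"*", "http:", "https:", "ws:", "wss:"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy header into {directive: [sources]}.

    Directives are ';'-separated; the first token of each is the directive
    name (case-insensitive), the remaining tokens are source expressions.
    A repeated directive is ignored by browsers, so the first one wins here too.
    """
    policy: Dict[str, List[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def connect_src_effective(header: str) -> Optional[List[str]]:
    """Return the source list that governs fetch()/XHR/WebSocket, or None.

    connect-src falls back to default-src when absent; if neither is present
    the browser allows connections to any origin.
    """
    policy = parse_csp(header)
    if "connect-src" in policy:
        return policy["connect-src"]
    return policy.get("default-src")


def csp_restricts_connections(header: str) -> bool:
    """True if the policy stops page script from fetching arbitrary origins."""
    sources = connect_src_effective(header)
    if sources is None:
        return False  # no connect-src and no default-src: connections are open
    lowered = {s.lower() for s in sources}
    return not (lowered & WILDCARD_SOURCES)


def blocked_by_ingress_rule(raw_path: str) -> bool:
    """Mimic the ingress rule: reject request paths that start with "/\\".

    The comparison is made after one round of percent-decoding so that
    "%2F%5C" (in either letter case) is treated like the literal characters.
    """
    return unquote(raw_path).startswith("/\\")


def check_instance_csp(url: str) -> bool:
    """Optional live probe: fetch a Grafana URL and evaluate its CSP header.

    Assumption: the URL (e.g. the /login page) is reachable without auth.
    Not exercised by the constructed samples below.
    """
    with urlopen(url) as resp:
        header = resp.headers.get("Content-Security-Policy", "")
    return csp_restricts_connections(header)


# Constructed sample headers (illustrative only, not from a real deployment).
CSP_WITHOUT_CONNECT_SRC = (
    "script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
    "object-src 'none'; img-src * data:; base-uri 'self'"
)
CSP_WITH_CONNECT_SRC = CSP_WITHOUT_CONNECT_SRC + "; connect-src 'self'"
CSP_DEFAULT_SRC_ONLY = "default-src 'self'; img-src * data:"
CSP_WILDCARD_CONNECT = CSP_WITHOUT_CONNECT_SRC + "; connect-src *"

if __name__ == "__main__":
    for label, hdr in [
        ("no connect-src", CSP_WITHOUT_CONNECT_SRC),
        ("connect-src 'self'", CSP_WITH_CONNECT_SRC),
        ("default-src fallback", CSP_DEFAULT_SRC_ONLY),
        ("connect-src *", CSP_WILDCARD_CONNECT),
    ]:
        print(f"{label:22s} restricts connections: {csp_restricts_connections(hdr)}")
    for path in ["/d/abc/dashboard", "/\\evil.example", "/%5Cevil.example", "%2F%5Cevil.example"]:
        print(f"{path!r:28s} blocked: {blocked_by_ingress_rule(path)}")
```

Run the script against the constructed samples, or call `check_instance_csp("https://grafana.example/login")` against your own instance; a `False` result for the live check means the connect-src mitigation for CVE-2025-6023 is not in effect and an upgrade should not wait.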