Cross-Site Scripting Vulnerability in Grafana by Grafana Labs
CVE-2025-4123
What is CVE-2025-4123?
CVE-2025-4123 is a vulnerability in the Grafana platform, a widely used open-source analytics and monitoring solution. Grafana lets organizations visualize and analyze metrics from many data sources, which makes it a critical tool for operational intelligence. The vulnerability is a cross-site scripting (XSS) flaw caused by the combination of a client-side path traversal issue and an open redirect. Its implications are severe: it enables attackers to redirect users to malicious websites that host frontend plugins capable of executing arbitrary JavaScript. Notably, exploitation does not require elevated permissions, and if anonymous access is enabled on the Grafana instance, the risk is heightened significantly. Further, if the Grafana Image Renderer plugin is installed, attackers could leverage this flaw to perform a server-side request forgery (SSRF) attack and read potentially sensitive internal resources.
Potential impact of CVE-2025-4123
- Unauthorized Script Execution: The XSS vulnerability could allow attackers to execute arbitrary JavaScript in the context of authenticated users' sessions. This can lead to data theft, manipulation, or unauthorized actions being taken on behalf of the user.
- Data Exposure and SSRF Risks: With the capability to perform server-side request forgery if the appropriate plugin is installed, attackers may access internal services that should remain protected from external threats. This could result in data leakage or further exploitation of the network.
- Reputation and Trust Damage: For organizations using Grafana, any successful exploitation could undermine trust with customers and stakeholders, leading to reputational damage and potential financial losses due to remediation and recovery efforts.
Affected Version(s)
Grafana 10.4.18+security-01 < 10.4.19
Grafana 11.2.9+security-01 < 11.2.10
Grafana 11.3.6+security-01 < 11.3.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles

46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks
A critical vulnerability affecting over 46,000 publicly accessible Grafana instances worldwide, with 36% of all public-facing deployments vulnerable.
3 weeks ago
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.
3 weeks ago
Timeline
- Vulnerability started trending
- Public PoC available
- Exploit known to exist
- First article discovered by Cyber Press
- Vulnerability published
- Vulnerability reserved