Open Redirect Vulnerability in Grafana OSS by Grafana
CVE-2025-6023
7.6 HIGH
What is CVE-2025-6023?
An open redirect vulnerability has been identified in Grafana OSS, which can be exploited to carry out cross-site scripting (XSS) attacks. The vulnerability first appeared in Grafana version 11.5.0 and can be combined with path traversal vulnerabilities to increase its potential impact. Affected users are encouraged to upgrade to a patched version: Grafana v12.0.2+security-01, or the security-patched releases of the earlier release lines.

Affected Version(s)
Grafana 12.0.x < 12.0.2+security-01
Grafana 11.6.x < 11.6.3+security-01
Grafana 11.5.x < 11.5.6+security-01