Open Redirect Vulnerability in Grafana OSS by Grafana
CVE-2025-6023

7.6 HIGH

Key Information:

Vendor: Grafana
Status: Vendor
CVE Published: 18 July 2025

What is CVE-2025-6023?

An open redirect vulnerability has been identified in Grafana OSS that can be leveraged to carry out cross-site scripting (XSS) attacks. The flaw was introduced in Grafana version 11.5.0 and can be chained with path traversal vulnerabilities to increase its impact. Affected users are encouraged to upgrade to the patched security releases: Grafana 12.0.2+security-01, 11.6.3+security-01 or 11.5.6+security-01, depending on the release branch in use.
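The bug class described above is an application accepting a user-supplied "where to go next" URL and redirecting to it without checking that it stays on the same origin. The following is an added, illustrative validator for such a parameter, written from the defender's side; it is not Grafana's code, and the parameter name `redirect_to`, the fallback path and the sample inputs are constructed for the example. It also goes slightly beyond the advisory text by rejecting the encodings that commonly slip past a naive "starts with /" check, as well as dot-dot path segments, which is the path traversal chaining the advisory mentions.

```python
"""Defensive validation of a post-login "redirect_to"-style parameter.

Illustrative hardening for the open-redirect bug class; this is not Grafana's
code. The parameter name, fallback path and sample inputs are assumptions
constructed for the example.
"""
from typing import Optional
from urllib.parse import urlsplit, unquote

# Constructed sample inputs: the first list should be accepted, the second rejected.
ACCEPTED = ["/dashboards", "/d/abc?orgId=1", "/explore#panel-2"]
REJECTED = [
    "https://example.invalid/",   # absolute URL on another origin
    "//example.invalid/",         # protocol-relative URL, resolves cross-origin
    "/\\example.invalid/",        # backslash: browsers normalise "\" to "/"
    "/%2F%2Fexample.invalid/",    # becomes "//host" if decoded once more before use
    "javascript:alert(1)",        # script scheme: a redirect that executes as XSS
    "/../../etc/passwd",          # dot-dot segments (path traversal style)
    "dashboards",                 # relative path, resolves against the current page
    "/d/abc%0d%0aSet-Cookie:x",   # control characters after decoding
    "",
]


def is_safe_redirect(target: str) -> bool:
    """Accept only an absolute-path reference on the current origin."""
    if not target:
        return False
    # "/\host" is read by browsers as "//host", so reject backslashes outright.
    if "\\" in target:
        return False
    parts = urlsplit(target)
    # Any scheme (http, https, javascript, data, ...) or any authority part
    # means the target can leave the current origin.
    if parts.scheme or parts.netloc:
        return False
    path = parts.path
    if not path.startswith("/"):
        return False
    # Re-check after one round of percent-decoding, because the framework
    # or the browser may decode the value again before acting on it.
    decoded = unquote(path)
    if decoded.startswith("//") or "\\" in decoded:
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return False
    # Reject dot-dot segments instead of normalising them away.
    if ".." in decoded.split("/"):
        return False
    return True


def redirect_target(requested: Optional[str], fallback: str = "/") -> str:
    """Return the validated target, or the safe fallback when it is unsafe."""
    if requested is not None and is_safe_redirect(requested):
        return requested
    return fallback


if __name__ == "__main__":
    for candidate in ACCEPTED + REJECTED:
        print(f"{candidate!r:32} -> {redirect_target(candidate)!r}")
```

The design choice worth noting is that the check is an allow-list on shape (absolute path, no scheme, no authority, no dot-dot segments) rather than a deny-list of known bad hosts; a deny-list is what encoding tricks and chained traversal bugs defeat. Where the application knows the exact set of landing pages, comparing against that set is stricter still.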

Affected Version(s)

Grafana 12.0.x < 12.0.2+security-01

Grafana 11.6.x < 11.6.3+security-01

Grafana 11.5.x < 11.5.6+security-01

References

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hoa X. Nguyen