Infinity Datasource Plugin for Grafana Vulnerability Exposes Data to Attackers
CVE-2025-8341

5MEDIUM

Key Information:

Vendor: Grafana
Status: Grafana-infinity-datasource
Vendor: CVE Published:; 4 August 2025

What is CVE-2025-8341?

The Infinity datasource plugin for Grafana is designed to facilitate data visualization from multiple endpoints including JSON, CSV, XML, GraphQL, and HTML. However, a configuration flaw allows attackers to bypass restrictions meant to limit data source URLs. By crafting a specially formatted URL, an attacker could gain unauthorized access to sensitive data. This issue has been addressed in version 3.4.1, emphasizing the need for users to update their installations promptly to mitigate risks associated with unauthorized data exposure.

Affected Version(s)

grafana-infinity-datasource 0.6.0 < 3.4.1

References

https://grafana.com/security/security-advisories/cve-2025...

vendor-advisory

https://github.com/grafana/grafana-infinity-datasource/re...

patch

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2025
Vulnerability Reserved
Jul 30, 2025

Credit

Elad Pticha

JSON