4.2
CVE-2025-6197
- EPSS 3.71%
- Veröffentlicht 18.07.2025 07:48:22
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@grafana.com
- CVE-Watchlists
- Unerledigt
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGrafana
≫
Produkt
Grafana
Default Statusunaffected
Version
12.0.x
Version <
12.0.2+security-01
Status
affected
Version
11.6.x
Version <
11.6.3+security-01
Status
affected
Version
11.5.x
Version <
11.5.6+security-01
Status
affected
Version
11.4.x
Version <
11.4.6+security-01
Status
affected
Version
11.3.x
Version <
11.3.8+security-01
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.71% | 0.883 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@grafana.com | 4.2 | 1.6 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
https://grafana.com/security/security-advisories/cve-2025-6197/