← back
CVE-2025-6023

CVE-2025-6023

CVSS 7.6 HIGHEPSS 37.6%CWE-601CWE-79
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected products
Grafana · Grafana

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/https://grafana.com/security/security-advisories/cve-2025-6023/