- Description
- A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).
  Impact:
  - Viewers can view all dashboards/folders regardless of permissions
  - Editors can view/edit/delete all dashboards/folders regardless of permissions
  - Editors can create dashboards in any folder regardless of permissions
  - Anonymous users with viewer/editor roles are similarly affected

  Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.
- Source
- security@grafana.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 5.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
- Severity
- HIGH
- security@grafana.com
- CWE-863
CVE-2025-3260 (CVSS:8.3, HIGH) is Awaiting Analysis. A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard a..https://t.co/o63d72tUKc #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
7 Jun 2025
CVE-2025-3260 A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects… https://t.co/Fz6voiRJPa
@CVEnew
2 Jun 2025
[CVE-2025-3260: HIGH] Security alert: Vulnerability in /apis/dashboard.grafana.app/* allows bypassing of dashboard permissions for all API versions. Viewers and editors can access all dashboards/folders regard...#cve,CVE-2025-3260,#cybersecurity https://t.co/ZYLSKpSx27 https://t.
@CveFindCom
2 Jun 2025
Grafana Patches CVE-2025-3260 and More in Critical Security Update https://t.co/55Wpqs4jpc
@Dinosn
24 Apr 2025
Grafana Patches CVE-2025-3260 and More in Critical Security Update https://t.co/jxB1Y6oVbJ
@the_yellow_fall
24 Apr 2025