- Description
- Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01.
- Source
- security@grafana.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security@grafana.com
- CWE-200
CVE-2025-3415 Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users … https://t.co/XKEKIIBdxG
@CVEnew
17 Jul 2025
🚨 CVE-2025-3415 - medium 🚨 Grafana - Exposes DingDing API Keys > An incident occurred where the DingDing alerting integration URL was inadvertently ex... 👾 https://t.co/rZKDZG6UH9 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
22 Jun 2025
Grafana security update: Medium severity security release for CVE-2025-3415 Today we are releasing security patches for Grafana 12.0.1, 11.6.2, 11.5.5, 11.4.5, 11.3.7, 11.2.10, and 10.4.19. https://t.co/dPCBgb4nbK
@Dannycorp
16 Jun 2025