CVE-2025-4123

Grafana の脆弱なインスタンスは 46,000：CVE-2025-4123 の悪用とアカウント乗っ取り https://t.co/fwqO6o0Llb Grafana の脆弱性 CVE-2025-4123

Una tercera dels servidors Grafana exposats a internet, gairebé 46.000, son vulnerables a la presa de control total dels servidors per part d'atacants (CVE-2025-4123). https://t.co/8NXxJYO0tG https://t.co/GtdzDz5tDF

CVE-2025-4123 - Grafana XSS and Full-Read SSRF vulnerability https://t.co/oqBN98aGRd https://t.co/4hhYTA0DcN

CVE-2025-4123 - Grafana XSS and Full-Read SSRF vulnerability https://t.co/Caae8k9etI https://t.co/sr9aldNAxN

CVE-2025-4123 Grafana Bug name: grafana ghost Type: client-side Weakness: Plugin mechanism that downloads plugins from urls Attack techniques: URL manipulation, session hijacking, cross-origin-bypass

CVE-2025-4123 - Grafana XSS and Full-Read SSRF vulnerability https://t.co/KYd6NG4WIc https://t.co/Byczt9WcPp

CVE-2025-4123 - Grafana XSS and Full-Read SSRF vulnerability https://t.co/0lE5F4zdlh https://t.co/4gcQPnOmSU

CVE-2025-4123 - Grafana XSS and Full-Read SSRF vulnerability https://t.co/e0VClHUBif https://t.co/YlmpVMEjjF

Over 46,000 internet-facing #Grafana instances remain unpatched and vulnerable to a client-side open redirect #vulnerability, which can lead to malicious plugin execution and account takeover. This issue is identified as CVE-2025-4123. #onpatrol4malware https://t.co/2654tyrqkQ

CVE-2025-4123 Vulnerability: “The Grafana Ghost” Zero-Day Enables Malicious Account Hijacking https://t.co/LIse4sulqj June has been a turbulent month for cyber defenders, marked by a surge of high-profile vulnerabilities shaking the security landscape. Following the exploit

⚠️⚠️ CVE-2025-4123 : A Cross-Site Scripting (XSS) Vulnerability Exists in Grafana 🔥Exp: https://t.co/bk1IrYjWTR 🎯696k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/nRs8nYnH1B FOFA Query:app="Grafana" 🔖Refer:https://t.c

🗞️ Over 46,000 Grafana instances are exposed to a client-side open redirect flaw (CVE-2025-4123), which allows malicious plugin execution and account takeovers. Admins must urgently update to secure critical monitoring systems from exploitation. Key takeaways: 🧵 https://

【パッチ未適用のGrafanaインスタンスが4.6万件超】インターネットからアクセス可能な全Grafanaインスタンスの3分の1以上が、いまだXSSの脆弱性CVE-2025-4123のパッチを適用していないという。この欠陥は攻撃者に

Over 46,000 exposed Grafana instances remain vulnerable to CVE-2025-4123, allowing malicious plugin execution and account takeover, despite security updates released by Grafana Labs. #Security https://t.co/eBBjQbuq5T

🚨Alert🚨CVE-2025-4123 : A Cross-Site Scripting (XSS) Vulnerability Exists in Grafana 🔥EXP : https://t.co/64D9rVD52k 🧐Deep Dive : https://t.co/vmjghpY70O 📊1.8M+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/LKwlkf3ZC7 👇Quer

Grafanaのアカウント乗っ取り脆弱性CVE-2025-4123の詳細と対策 https://t.co/TuBVYPYflX #Security #セキュリティ　 #ニュース

Over 46,000 public Grafana instances remain vulnerable to CVE-2025-4123, a client-side open redirect flaw that could lead to account takeover & remote code execution. Many still unpatched, exposing a major threat. ⚠️ #Grafana #Security #USA https://t.co/1bOuTzbI0e

アカウント乗っ取りにつながるオープンリダイレクトの脆弱性"The Grafana Ghost" (CVE-2025-4123)に脆弱なGrafanaインスタンス46,000以上が公開状態にある。OX Security社報告。脆弱なバージョンは露出しているGrafanaの総数

Over 46,000 Grafana instances remain unpatched against a critical flaw (CVE-2025-4123) allowing account takeover via open redirect and XSS. Patch now to prevent attackers from hijacking admin accounts and stealing cloud credentials. Details: https://t.co/6IQLsAdmVO

[1day1line] CVE-2025-4123: XSS via Open Redirect in Grafana https://t.co/8koSrvEYjS CVE-2025-4123 is an account-takeover vulnerability in Grafana that chains an Open Redirect with XSS, enabling an attacker to change a user’s password.

#exploit 1. CVE-2025-0282: Stack-based BoF in Ivanti Connect Secure - https://t.co/gg5z4ap4Go 2. CVE-2025-4123: Grafana Path Traversal - https://t.co/0QxWl8iNVO 3. CVE-2025-4275: SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O - https://t.co/l6ppF6bgYS

ㅤ ✨Grafana CVE-2025-4123 AWS SSRF @fofabot dork that find all vulnerable versions💯 👀 Very big Dork: app="grafana" && cloud_name="aws" && (body="Grafana v10.0.0" || body="Grafana v10.0.1" || body="Grafana v10.0.2" .....[and more] 🌀Get the full dork:

can't believe new CVE-2025-4123 is affected so many BBP programs on h1/bugcrowd including big Org. make sure to report by showing xss and ssrf poc if possible otherwise it goes n/a due to open redirect that are oos in most big programs..

I noticed someone released a tool for CVE-2025-4123 in Grafana. But let me clear this up. it's not as simple as adding a payload after /public/. That won’t exploit anything. Here's why 👇

CVE-2025-4123 : Grafana Full read SSRF and Account Takeover https://t.co/EIkI58ewwa https://t.co/DmfBzOHLde

CVE-2025-4123 i wrote an extended tool for Grafana #github https://t.co/1x7S3CLaIC #bugbounty #bugbountytips https://t.co/i5E6AomHYM

🚨 Miles de instancias de Grafana expuestas a CVE-2025-4123 🔍 Un reciente escaneo en FOFA sugiere que al menos 1,486 sistemas en México ejecutan Grafana, una plataforma vulnerable al CVE-2025-4123, la cual permitiría SSRF completo y toma de cuentas si no está parcheada. h

CVE-2025-4123 (CVSS:7.6, HIGH) is Awaiting Analysis. A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redire..https://t.co/1M84e5Ugw9 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

⚠️Vulnerabilidad corregida en Grafana ❗CVE-2025-4123 ➡️Más info: https://t.co/CslNzs4DZl https://t.co/RqQmIkh2Vh

🚨 Critical XSS vulnerability in Grafana (CVE-2025-4123) allows redirection & JS injection — no privileges needed. If you self-host Grafana, patch now. Affected: 8.x–12.0.0. #CyberSecurity #XSS #Grafana #CVE20254123 https://t.co/KbabJLkaqd

CVE-2025-4123: A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability

GitHub - NightBloodz/CVE-2025-4123: Script to exploit Grafana CVE-2025-4123: XSS and Full-Read SSRF https://t.co/8eyy4Mp899

GitHub - NightBloodz/CVE-2025-4123: Script to exploit Grafana CVE-2025-4123: XSS and Full-Read SSRF - https://t.co/XrShAqkuew

Grafana: CVE-2025-4123 Exploit https://t.co/nByMWvV8XN https://t.co/wiuiN5beP6

Grafana has issued high-severity security patches for CVE-2025-4123 to all supported versions 8.0+, addressing a critical XSS vulnerability that can lead to malicious redirects & session hijacking. Cloud services remain unaffected. 🚨 #Grafana #SecurityU… https://t.co/23h

CVE-2025-4123: 0-day in Grafana, 7.6 rating❗️ Grafana Labs has released an unscheduled update that fixes an XSS injection vulnerability in all supported versions. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/2Wt7ex3e29 #cybersecurity #vulnerability_map https

Grafanaにおいて深刻度の高いXSS脆弱性（CVE-2025-4123）が報告された。 CVSSスコアは7.6で、カスタムフロントエンドプラグインを通じてパスの不正処理やオープンリダイレクトを悪用し、任意のJavaScriptを実行可能

Just found an open redirect in Grafana (CVE-2025-4123) that allows 2 exploitation paths – Full Read SSRF & account takeover. 🔥 Easily my best bug so far. Full write-up: https://t.co/iMN8hIoAsp #bugbounty #infosec #cybersecurity https://t.co/UBHat7itcT

Grafanaで定例更新の1日前に脆弱性が修正された。CVE-2025-4123は深刻なXSSで、認証不要で悪用可能。即時更新が推奨されている。脆弱性が公開されたため定例更新を待たず修正したと公式。クライアントパストラ

⚡️The vulnerability details are now available: https://t.co/TMtGakAeCu 🚨🚨CVE-2025-4123: Grafana XSS vuln exposed! Hackers can exploit client path traversal & open redirect in custom plugins to redirect users to malicious sites, executing rogue JavaScript. Session