CVE-2025-6023

Published Jul 18, 2025

Last updated 13 hours ago

CVSS high 7.6

Overview

Description
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
Source
security@grafana.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.6
Impact score
4.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Severity
HIGH

Weaknesses

security@grafana.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-6023 An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. Th… https://t.co/kOBgN4SQRJ

    @CVEnew

    18 Jul 2025

    335 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.