AI description
CVE-2025-6023 is an open redirect vulnerability found in Grafana OSS that can be exploited to achieve cross-site scripting (XSS) attacks. The vulnerability was introduced in Grafana version 11.5.0. It was discovered on June 11, 2025, through Grafana's bug bounty program. The vulnerability combines client-side path traversal and open redirect mechanisms to enable XSS attacks. By crafting URLs with path traversal sequences or double slashes, attackers can bypass intended navigation controls and redirect users to malicious sites or load malicious resources. Successful exploitation could lead to session hijacking, account takeover, and access to sensitive dashboards. Unlike many XSS vulnerabilities, this one does not require editor permissions, making it particularly dangerous when anonymous access is enabled.
- Description: An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01.
- Source: security@grafana.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.6
- Impact score: 4.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
- Severity: HIGH
- Weakness: CWE-79 (source: security@grafana.com)
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 3
Grafana CVE-2025-6023 Bypass: A Technical Deep Dive https://t.co/H0rzAijinY
@akaclandestine
30 Dec 2025
1387 Impressions
3 Retweets
21 Likes
6 Bookmarks
0 Replies
0 Quotes
''Grafana CVE-2025-6023 Bypass: A Technical Deep Dive'' #infosec #pentest #redteam #blueteam https://t.co/k1p8v8fQOc
@CyberWarship
29 Dec 2025
6200 Impressions
23 Retweets
75 Likes
56 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Coordinated Grafana Exploitation Attempts on 28 September | 02-10-2025 Source: https://t.co/ycj6YDTPEt Key details below ↓ 🎯Victims: Grafana users 🌐Geo: Slovakia, Taiwan, Bangladesh, China, Germany 🔓CVEs: CVE-2025-6023 https://t.co/PPx
@rst_cloud
5 Oct 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities fixed in Grafana ❗CVE-2025-6023 ➡️More info: https://t.co/VTrc146cwG https://t.co/xMrPgWmLJw
@CERTpy
24 Jul 2025
122 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Grafana security release: medium- and high-severity security fixes for CVE-2025-6197 and CVE-2025-6023 👉 https://t.co/45ACsjlZHw https://t.co/zOVOVaLQJE
@bearstech
22 Jul 2025
1840 Impressions
1 Retweet
13 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-6023:Grafana Cross-Site-Scripting (XSS) via scripted dashboards CVE-2025-6197:Grafana Open Redirect in Organization Switching 📊1.8M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/LKwlkf3rMz 👇Query HUNTER : htt
@HunterMapping
21 Jul 2025
2871 Impressions
11 Retweets
50 Likes
27 Bookmarks
0 Replies
0 Quotes
CVE-2025-6023 An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. Th… https://t.co/kOBgN4SQRJ
@CVEnew
18 Jul 2025
335 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes