{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4123", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "state": "PUBLISHED", "assignerShortName": "GRAFANA", "dateReserved": "2025-04-30T06:59:15.172Z", "datePublished": "2025-05-22T07:44:09.491Z", "dateUpdated": "2025-05-22T13:21:52.672Z"}, "containers": {"cna": {"affected": [{"product": "Grafana", "vendor": "Grafana", "versions": [{"lessThan": "10.4.19", "status": "affected", "version": "10.4.18+security-01", "versionType": "semver"}, {"lessThan": "11.2.10", "status": "affected", "version": "11.2.9+security-01", "versionType": "semver"}, {"lessThan": "11.3.7", "status": "affected", "version": "11.3.6+security-01", "versionType": "semver"}, {"lessThan": "11.4.5", "status": "affected", "version": "11.4.4+security-01", "versionType": "semver"}, {"lessThan": "11.5.5", "status": "affected", "version": "11.5.4+security-01", "versionType": "semver"}, {"lessThan": "11.6.2", "status": "affected", "version": "11.6.1+security-01", "versionType": "semver"}, {"lessThan": "12.0.1", "status": "affected", "version": "12.0.0+security-01", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.<br><br>The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.&nbsp;</p>"}], "value": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\n\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63"}]}, {"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-601", "description": "CWE-601", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2025-05-22T07:44:09.491Z"}, "references": [{"url": "https://grafana.com/security/security-advisories/cve-2025-4123/"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-22T13:21:28.047643Z", "id": "CVE-2025-4123", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T13:21:52.672Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-22T13:21:28.047643Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T13:21:46.460Z"}}], "cna": {"impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63"}]}, {"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Grafana", "product": "Grafana", "versions": [{"status": "affected", "version": "10.4.18+security-01", "lessThan": "10.4.19", "versionType": "semver"}, {"status": "affected", "version": "11.2.9+security-01", "lessThan": "11.2.10", "versionType": "semver"}, {"status": "affected", "version": "11.3.6+security-01", "lessThan": "11.3.7", "versionType": "semver"}, {"status": "affected", "version": "11.4.4+security-01", "lessThan": "11.4.5", "versionType": "semver"}, {"status": "affected", "version": "11.5.4+security-01", "lessThan": "11.5.5", "versionType": "semver"}, {"status": "affected", "version": "11.6.1+security-01", "lessThan": "11.6.2", "versionType": "semver"}, {"status": "affected", "version": "12.0.0+security-01", "lessThan": "12.0.1", "versionType": "semver"}]}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2025-4123/"}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\n\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.", "supportingMedia": [{"type": "text/html", "value": "<p>A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.<br><br>The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.&nbsp;</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2025-05-22T07:44:09.491Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4123", "state": "PUBLISHED", "dateUpdated": "2025-05-22T13:21:52.672Z", "dateReserved": "2025-04-30T06:59:15.172Z", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "datePublished": "2025-05-22T07:44:09.491Z", "assignerShortName": "GRAFANA"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\n\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting (XSS) en Grafana causada por la combinaci\u00f3n de un recorrido de ruta de cliente y una redirecci\u00f3n abierta. Esto permite a los atacantes redirigir a los usuarios a un sitio web que aloja un complemento frontend que ejecuta JavaScript arbitrario. Esta vulnerabilidad no requiere permisos de editor y, si se habilita el acceso an\u00f3nimo, el XSS funcionar\u00e1. Si el complemento Grafana Image Renderer est\u00e1 instalado, es posible explotar la redirecci\u00f3n abierta para obtener una lectura completa de SSRF. La pol\u00edtica de seguridad de contenido (CSP) predeterminada en Grafana bloquear\u00e1 el XSS mediante la directiva `connect-src`."}], "id": "CVE-2025-4123", "lastModified": "2025-05-23T15:55:02.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@grafana.com", "type": "Secondary"}]}, "published": "2025-05-22T08:15:52.720", "references": [{"source": "security@grafana.com", "url": "https://grafana.com/security/security-advisories/cve-2025-4123/"}], "sourceIdentifier": "security@grafana.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-601"}], "source": "security@grafana.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:7892", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "grafana-0:10.2.6-17.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-19T00:00:00Z"}, {"advisory": "RHSA-2025:7894", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "grafana-0:9.2.10-23.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-19T00:00:00Z"}, {"advisory": "RHSA-2025:8684", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "grafana-0:6.3.6-7.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8683", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "grafana-0:7.3.6-9.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8679", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "grafana-0:7.5.11-6.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8679", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "grafana-0:7.5.11-6.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8679", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "grafana-0:7.5.11-6.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8685", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "grafana-0:7.5.15-7.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8685", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "grafana-0:7.5.15-7.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:7893", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:10.2.6-13.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-19T00:00:00Z"}, {"advisory": "RHSA-2025:8681", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "grafana-0:7.5.11-10.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8680", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "grafana-0:9.0.9-8.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8665", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "grafana-0:9.2.10-23.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-09T00:00:00Z"}], "bugzilla": {"description": "grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect", "id": "2364632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364632"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-79", "details": ["A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.", "A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious websites. This attack can be carried out without requiring elevated privileges if anonymous access is enabled."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-4123", "public_date": "2025-05-15T03:49:32Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4123\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4123\nhttps://grafana.com/grafana/plugins/instana-datasource/?tab=changelog"], "statement": "This Grafana vulnerability is Important due to its low exploitation barrier and high impact. Unlike typical XSS flaws, it can be triggered without authentication if anonymous access is enabled\u2014a common setup in shared dashboards. It arises from improper handling of user-supplied paths in custom frontend plugins, leading to XSS and open redirect. When combined with the Grafana Image Renderer plugin, it enables full-read SSRF, exposing internal services and cloud metadata. This makes it a high-severity issue with serious real-world implications, especially in misconfigured or publicly exposed Grafana instances.", "threat_severity": "Important"}