CVE-2025-6023_CVE-2025-6023

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.

The open redirect can be chained with path traversal vulnerabilities to achieve XSS.

Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Basic Information

ID CVE-2025-6023

Source GRAFANA

Published Jul 18, 2025 at 07:48

Modified Jul 18, 2025 at 13:46

Affected Product

Vendor Grafana

Product Grafana

Version 12.0.x

Affected Versions Grafana Grafana 12.0.x
Grafana Grafana 11.6.x
Grafana Grafana 11.5.x
Grafana Grafana 11.4.x
Grafana Grafana 11.3.x

CWE Classification

CWE-601 CWE-79

References

{
    "lastseen": "",
    "description": "An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.\n\nThe open redirect can be chained with path traversal vulnerabilities to achieve XSS.\n\nFixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01",
    "published": "2025-07-18T07:48:15.972Z",
    "modified": "2025-07-18T13:46:45.354Z",
    "type": "cve",
    "title": "CVE-2025-6023",
    "source": "GRAFANA",
    "references": "https://grafana.com/security/security-advisories/cve-2025-6023/\nhttps://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/",
    "id": "CVE-2025-6023",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601",
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Grafana Grafana 12.0.x\nGrafana Grafana 11.6.x\nGrafana Grafana 11.5.x\nGrafana Grafana 11.4.x\nGrafana Grafana 11.3.x",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Grafana",
    "version": "12.0.x",
    "vendor": "Grafana",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}