CVE-2025-3415

July 18, 2025 invoker category_news

Security Update News

Update Information

Title CVE-2025-3415
Update ID CVE-2025-3415
Type cve
Published 2025-07-17T11:15:22
Last Updated 2025-07-17T21:15:50

Security Impact

CVSS Score 4.3
Severity MEDIUM

AI Analysis

AI Description A vulnerability in Grafana’s Alerting DingDing integration exposed it to users with Viewer permissions. This could allow unauthorized access to sensitive information. The issue has been fixed in multiple versions of Grafana.
AI Severity Medium
AI Vendor Grafana Labs
AI Product Grafana
AI Version 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01, 12.0.1+security-01

Affected CVEs

  • CVE-2025-3415

Update Details

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission.
Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.