CVE-2025-4123

Grafana 11.6.0 - SSRF

Severity Score

7.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious websites. This attack can be carried out without requiring elevated privileges if anonymous access is enabled.

An update for grafana is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include cross site scripting and open redirection vulnerabilities.

*Credits: Alvaro Balada

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-04-30 CVE Reserved
2025-05-19 CVE Published
2025-05-24 First Exploit
2026-04-29 CVE Updated
2026-04-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CAPEC

CAPEC-63: Cross-Site Scripting (XSS)
CAPEC-204: Lifting Sensitive Data Embedded in Cache

References (12)

URL	Tag	Source
https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580	Mitigation

URL	Date	SRC
https://www.exploit-db.com/exploits/52491	2026-04-06
https://github.com/NightBloodz/CVE-2025-4123	2025-06-09
https://github.com/kk12-30/CVE-2025-4123	2025-05-24
https://github.com/imbas007/CVE-2025-4123-template	2025-06-03
https://github.com/ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana-	2025-06-10
https://github.com/B1ack4sh/Blackash-CVE-2025-4123	2025-06-10
https://github.com/DesDoTvl/CVE-2025-4123grafana	2025-06-17
https://github.com/punitdarji/Grafana-cve-2025-4123	2025-06-21

URL	Date	SRC

URL	Date	SRC
https://grafana.com/security/security-advisories/cve-2025-4123	2025-05-22
https://access.redhat.com/security/cve/CVE-2025-4123	2025-06-09
https://bugzilla.redhat.com/show_bug.cgi?id=2364632	2025-06-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 10.4.18+security-01 < 10.4.19 Search vendor "Grafana" for product "Grafana" and version " >= 10.4.18+security-01 < 10.4.19"		en		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 11.2.9+security-01 < 11.2.10 Search vendor "Grafana" for product "Grafana" and version " >= 11.2.9+security-01 < 11.2.10"		en		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 11.3.6+security-01 < 11.3.7 Search vendor "Grafana" for product "Grafana" and version " >= 11.3.6+security-01 < 11.3.7"		en		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 11.4.4+security-01 < 11.4.5 Search vendor "Grafana" for product "Grafana" and version " >= 11.4.4+security-01 < 11.4.5"		en		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 11.5.4+security-01 < 11.5.5 Search vendor "Grafana" for product "Grafana" and version " >= 11.5.4+security-01 < 11.5.5"		en		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 11.6.1+security-01 < 11.6.2 Search vendor "Grafana" for product "Grafana" and version " >= 11.6.1+security-01 < 11.6.2"		en		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 12.0.0+security-01 < 12.0.1 Search vendor "Grafana" for product "Grafana" and version " >= 12.0.0+security-01 < 12.0.1"		en		Affected