CVE-2025-6023

High CVSS 7.6

Overview

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.

The open redirect can be chained with path traversal vulnerabilities to achieve XSS.

Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

CWE: CWE-79 Published: 2025-07-18T08:15:28.040

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.6 (HIGH)
Detected tags: path, redirect, xss (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags