cve-2025-4123
Vulnerability from cvelistv5
Published
2025-05-22 07:44
Modified
2025-05-22 13:21
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T13:21:28.047643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:21:52.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Grafana",
"vendor": "Grafana",
"versions": [
{
"lessThan": "10.4.19",
"status": "affected",
"version": "10.4.18+security-01",
"versionType": "semver"
},
{
"lessThan": "11.2.10",
"status": "affected",
"version": "11.2.9+security-01",
"versionType": "semver"
},
{
"lessThan": "11.3.7",
"status": "affected",
"version": "11.3.6+security-01",
"versionType": "semver"
},
{
"lessThan": "11.4.5",
"status": "affected",
"version": "11.4.4+security-01",
"versionType": "semver"
},
{
"lessThan": "11.5.5",
"status": "affected",
"version": "11.5.4+security-01",
"versionType": "semver"
},
{
"lessThan": "11.6.2",
"status": "affected",
"version": "11.6.1+security-01",
"versionType": "semver"
},
{
"lessThan": "12.0.1",
"status": "affected",
"version": "12.0.0+security-01",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\u003cbr\u003e\u003cbr\u003eThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\n\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63"
}
]
},
{
"capecId": "CAPEC-204",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-204"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T07:44:09.491Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2025-4123/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2025-4123",
"datePublished": "2025-05-22T07:44:09.491Z",
"dateReserved": "2025-04-30T06:59:15.172Z",
"dateUpdated": "2025-05-22T13:21:52.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-4123\",\"sourceIdentifier\":\"security@grafana.com\",\"published\":\"2025-05-22T08:15:52.720\",\"lastModified\":\"2025-05-23T15:55:02.040\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\\n\\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de cross-site scripting (XSS) en Grafana causada por la combinaci\u00f3n de un recorrido de ruta de cliente y una redirecci\u00f3n abierta. Esto permite a los atacantes redirigir a los usuarios a un sitio web que aloja un complemento frontend que ejecuta JavaScript arbitrario. Esta vulnerabilidad no requiere permisos de editor y, si se habilita el acceso an\u00f3nimo, el XSS funcionar\u00e1. Si el complemento Grafana Image Renderer est\u00e1 instalado, es posible explotar la redirecci\u00f3n abierta para obtener una lectura completa de SSRF. La pol\u00edtica de seguridad de contenido (CSP) predeterminada en Grafana bloquear\u00e1 el XSS mediante la directiva `connect-src`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@grafana.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"security@grafana.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"},{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"references\":[{\"url\":\"https://grafana.com/security/security-advisories/cve-2025-4123/\",\"source\":\"security@grafana.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.