VDB

ANCHORE-2025-6023

ANCHORE-2025-6023 PUBLISHED

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Affected Products

VendorProductVersions
GrafanaGrafana11.6, 11.4, 11.3

Timeline

  • Jul 18, 2025 CVE Published
  • Jul 18, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›