CVE-2025-3415 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-3415 PUBLISHED

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01

EPSS 0.33% · 55.8th percentile

Risk Scores

EPSS Score

0.33%

55.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	10.4.0, 11.2.0, 12.0.0
Bitnami	grafana	10.4.0, 11.2.0, 12.0.0

Timeline

Jun 15, 2025 CVE Published
Jul 17, 2025 EPSS Score
Jul 17, 2025 Coalition ESS Score
Jul 26, 2025 EPSS Score
Aug 3, 2025 EPSS Score
Aug 8, 2025 Coalition ESS Score
Aug 12, 2025 EPSS Score
Aug 21, 2025 EPSS Score
Aug 26, 2025 Coalition ESS Score
Aug 29, 2025 EPSS Score
Sep 7, 2025 EPSS Score
Sep 16, 2025 EPSS Score

References

Open in Interactive Console →