VDB
CVE-2025-3415
CVE-2025-3415
PUBLISHED
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01
EPSS 0.44% · 63.5th percentile
Risk Scores
EPSS Score
0.44%
63.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | grafana | 11.2.0, 12.0.0, 10.4.0 |
| Bitnami | grafana | 12.0.0, 10.4.0, 11.2.0 |
Exploit Intelligence
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
…and 11 more exploits
Timeline
- Jun 15, 2025 CVE Published
- Jul 17, 2025 EPSS Score
- Jul 17, 2025 Coalition ESS Score
- Jul 22, 2025 CVE Updated
- Jul 26, 2025 EPSS Score
- Aug 4, 2025 EPSS Score
- Aug 8, 2025 Coalition ESS Score
- Aug 14, 2025 EPSS Score
- Aug 23, 2025 EPSS Score
- Aug 26, 2025 Coalition ESS Score
- Sep 1, 2025 EPSS Score
- Sep 10, 2025 EPSS Score