VDB

CVE-2025-6023

CVE-2025-6023 PUBLISHED

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

EPSS 7.09% · 91.7th percentile

Risk Scores

EPSS Score
7.09%
91.7th percentile

Affected Products

VendorProductVersions
Bitnamigrafana11.3.0, 12.0.0
Bitnamigrafana11.3.0, 12.0.0

Timeline

  • Jul 17, 2025 CVE Published
  • Jul 18, 2025 EPSS Score
  • Jul 18, 2025 Coalition ESS Score
  • Jul 22, 2025 Coalition ESS Score
  • Jul 29, 2025 EPSS Score
  • Aug 5, 2025 EPSS Score
  • Aug 22, 2025 Coalition ESS Score
  • Aug 24, 2025 EPSS Score
  • Aug 26, 2025 Coalition ESS Score
  • Sep 2, 2025 EPSS Score
  • Sep 20, 2025 EPSS Score
  • Sep 29, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›