CVE-2025-6197
PUBLISHED
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.
Prerequisites for exploitation:
- Multiple organizations must exist in the Grafana instance
- Victim must be on a different organization than the one specified in the URL
Risk Scores
EPSS Score: 1.02% (77.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | grafana | 12.0.0, 11.3.0 |
Exploit Intelligence
- CIRCL confirmed: CVE-2025-6197 (circl-sighting)
- CIRCL seen: CVE-2025-6197 (circl-sighting)
- https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/ (circl)
- Vulnerable code location (circl)
…and 8 more exploits
Timeline
- Jul 17, 2025 CVE Published
- Jul 18, 2025 EPSS Score
- Jul 18, 2025 Coalition ESS Score
- Jul 18, 2025 PoC Published
- Jul 18, 2025 PoC Published
- Jul 19, 2025 PoC Published
- Jul 22, 2025 Coalition ESS Score
- Jul 22, 2025 PoC Published
- Jul 22, 2025 PoC Published
- Jul 25, 2025 PoC Published
- Jul 27, 2025 EPSS Score
- Jul 30, 2025 PoC Published