CVE-2025-6023

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.

The open redirect can be chained with path traversal vulnerabilities to achieve XSS.

Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Published: Jul 18, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-6023
GHSA: GHSA-vqph-p5vc-g644
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
github.com/grafana/grafana	-	1.9.2-0.20250521205822-0ba0b99665a9

https://github.com/grafana/grafana
https://github.com/grafana/grafana/commit/0ba0b99665a946cd96676ef85ec8bc83028cb1d7
https://github.com/grafana/grafana/commit/40ed88fe86d347bcde5ddaed6c4a20a95d2f0d55
https://github.com/grafana/grafana/commit/5b00e21638f565eed46acb4d0b7c009968df4c3b
https://github.com/grafana/grafana/commit/b6dd2b70c655c61b111b328f1a7dcca6b3954936
https://github.com/grafana/grafana/commit/e0ba4b480954f8a33aa2cff3229f6bcc05777bd9
https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023
https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
https://grafana.com/security/security-advisories/cve-2025-6023
https://grafana.com/security/security-advisories/cve-2025-6023/

Vulnerability Database

CVE-2025-6023