Critical Grafana Flaws Enable Malicious Redirects & Code Execution, Patch Immediately

Two severe vulnerabilities, CVE‑2025‑6023 and CVE‑2025‑6197, have been discovered in Grafana versions 11.3–12.0. Attackers can exploit an XSS flaw via open redirects and path traversal to execute arbitrary JavaScript—without needing editor rights—leading to session hijacking and account takeover. A medium-grade open-redirect bug in organization switching could also escalate attacks. Grafana Labs has released security updates; users must upgrade or apply CSP policy and ingress fixes immediately.

Categories

Critical Grafana Flaws Enable Malicious Redirects & Code Execution, Patch Immediately

Also Read

OpenAI Partners with Google Cloud to Scale AI Compute Capacity

IBM Launches Agentic AI Innovation Center in Bengaluru to Power Enterprise AI Agents

Trump Signs GENIUS Act, Creating First U.S. Stablecoin Framework

Perplexity AI Eyes Mobile Dominance by Pre-Installing Comet AI Browser with OEMs

Reliance Launches Ajio Rush for 4‑Hour Fashion Delivery Amid Quick Commerce Boom

Microsoft to Sign EU AI Code of Practice as Meta Opts Out, Splitting Big Tech

IIT Students Tape Out 8 Chipsets, Sent to Fabs Under India Semiconductor Push

xAI’s Grok Teased with Meme Generator Feature—“Something Very Cool Is Brewing”

Microsoft to Embrace EU AI Code of Practice, While Meta Opts Out Over Legal Concerns

Subscribe To Our Newsletter.