Critical Grafana Flaws Enable Malicious Redirects & Code Execution, Patch Immediately

Two severe vulnerabilities, CVE‑2025‑6023 and CVE‑2025‑6197, have been discovered in Grafana versions 11.3–12.0. Attackers can exploit an XSS flaw via open redirects and path traversal to execute arbitrary JavaScript—without needing editor rights—leading to session hijacking and account takeover. A medium-grade open-redirect bug in organization switching could also escalate attacks. Grafana Labs has released security updates; users must upgrade or apply CSP policy and ingress fixes immediately.

Categories

Critical Grafana Flaws Enable Malicious Redirects & Code Execution, Patch Immediately

Also Read

YouTube Updates Monetization Policies for Content Covering Sensitive Topics

India Bolsters Defense Space Strategy at DefSpace Capability Dialogue

OpenAI Moves to Reassure Investors Amid Escalating Legal Battle with Elon Musk

OpenAI to Introduce Advertisements in ChatGPT Free and Plus Tiers for Revenue Growth

Arista Vault Co-founder Purvi Roy Honored with National Startup Award 2026

India’s Startup Ecosystem Explodes with 44,000 New Registrations in 2025

Tennessee Man Pleads Guilty to Hacking U.S. Supreme Court and Federal Systems

US FTC to Scrutinize Big Tech’s Talent Acquisition Deals Amid Antitrust Concerns

Anti-Doomscrolling Influencers: The New Warriors Fighting Social Media Addiction

Download the TechShots App

Subscribe To Our Newsletter.