Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-4123

HIGH
Published 2025-05-22T07:44:09.491Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-4123. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.6
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.015
probability
of exploitation in the wild

There is a 1.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.804
Higher than 80.4% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
LOW
Availability
LOW

Description

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.

The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Grafana

Grafana

Affected Versions:

10.4.18+security-01 11.2.9+security-01 11.3.6+security-01 11.4.4+security-01 11.5.4+security-01 11.6.1+security-01 12.0.0+security-01

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.

The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

Affected Products (ENISA)

grafana
grafana

ENISA Scoring

CVSS Score (3.1)

7.6
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

EPSS Score

1.420
probability

ENISA References

https://grafana.com/security/security-advisories/cve-2025-4123/
https://nvd.nist.gov/vuln/detail/CVE-2025-4123
https://github.com/grafana/grafana/commit/c7a690348df761d41b659224cbc50a46a0c0e4cc
https://pkg.go.dev/vuln/GO-2025-3702
https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/

Data provided by ENISA EU Vulnerability Database. Last updated: July 22, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin

GHSA-q53q-gxq9-mgrj

Advisory Details

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

Affected Packages

Go github.com/grafana/grafana
ECOSYSTEM: ≥0 <0.0.0-20250521183405-c7a690348df7

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-4123
WEB https://github.com/grafana/grafana/commit/c7a690348df761d41b659224cbc50a46a0c0e4cc
PACKAGE https://github.com/grafana/grafana
WEB https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580
WEB https://grafana.com/security/security-advisories/cve-2025-4123
WEB https://pkg.go.dev/vuln/GO-2025-3702

Advisory provided by GitHub Security Advisory Database. Published: May 22, 2025, Modified: July 21, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

7 posts
Reddit 1 month ago
MauriceTorres
Exploit PoC

𝐓𝐨𝐝𝐚𝐲'𝐬 𝐏𝐚𝐭𝐜𝐡 𝐓𝐮𝐞𝐬𝐝𝐚𝐲 𝐨𝐯𝐞𝐫𝐯𝐢𝐞𝐰 • Microsoft has addressed 𝟏𝟑𝟕 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬, 𝐧𝐨 𝐳𝐞𝐫𝐨-𝐝𝐚𝐲𝐬, 𝟏𝟒 𝐜𝐫𝐢𝐭𝐢𝐜𝐚𝐥 and 𝐨𝐧𝐞 𝐰𝐢𝐭𝐡 𝐏𝐨𝐂 • Third-party: web browsers, Linux Sudo, Citrix NetScaler, Cisco, WordPress, WinRAR, Brother printers, GitHub, Teleport, Veeam, Grafana, Palo Alto Networks, and Trend Micro. Navigate to 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐃𝐢𝐠𝐞𝐬𝐭 𝐟𝐫𝐨𝐦 𝐀𝐜𝐭𝐢𝐨𝐧𝟏 for comprehensive summary …

Also mentions: CVE-2025-20309 CVE-2025-6554 CVE-2025-6463 CVE-2024-51978 CVE-2025-32463 CVE-2025-32462 CVE-2024-51977 CVE-2025-20282 CVE-2025-20281 CVE-2025-49212 CVE-2025-23121 CVE-2025-49825 CVE-2025-49220 CVE-2025-5777 CVE-2025-4232 CVE-2025-4231 CVE-2025-4230 CVE-2025-33053 CVE-2025-3509
11
11.0
View Original High Risk
Reddit 1 month, 3 weeks ago
crstux
Exploit

🔥 Top 10 Trending CVEs (18/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-33538](https://nvd.nist.gov/vuln/detail/CVE-2023-33538)** - 📝 TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . - 📅 **Published:** 07/06/2023 - 📈 **CVSS:** …

Also mentions: CVE-2025-47955 CVE-2025-0133 CVE-2025-49113 CVE-2024-55591 CVE-2023-33538
3
3.0
View Original High Risk
Reddit 1 month, 3 weeks ago
incomplete_
Exploit

severe grafana CVE: patch now or forever hold your peace (CVE-2025-4123 Grafana) there's a pretty significant cross-site scripting vulnerability in many versions of grafana... ''' A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to …

5
1
7.0
View Original High Risk
Reddit 1 month, 3 weeks ago
crstux
Exploit

🔥 Top 10 Trending CVEs (17/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-3464](https://nvd.nist.gov/vuln/detail/CVE-2025-3464)** - 📝 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the Security Update for Armoury …

Also mentions: CVE-2025-3464 CVE-2025-36631 CVE-2025-4275 CVE-2025-33073 CVE-2025-0133 CVE-2025-49113 CVE-2025-26685 CVE-2024-34351
1
1.0
View Original High Risk
Reddit 1 month, 3 weeks ago
crstux
Exploit

🔥 Top 10 Trending CVEs (16/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-0133](https://nvd.nist.gov/vuln/detail/CVE-2025-0133)** - 📝 A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of …

Also mentions: CVE-2025-32717 CVE-2025-33053 CVE-2025-4275 CVE-2025-33073 CVE-2025-0133 CVE-2025-49113 CVE-2025-26685 CVE-2025-21420 CVE-2024-43468
2
2.0
View Original High Risk
Reddit 1 month, 3 weeks ago
tugatech

'Grafana Ghost': vulnerabilidade CVE-2025-4123 permite roubo de contas em milhares de servidores 'Grafana Ghost': vulnerabilidade CVE-2025-4123 permite roubo de contas em milhares de servidores\ \ https://tugatech.com.pt/t68205-grafana-ghost-vulnerabilidade-cve-2025-4123-permite-roubo-de-contas-em-milhares-de-servidores

1
1.0
View Original
Reddit 1 month, 3 weeks ago
Dark-Marc

Over 46,000 Grafana Instances Risk Account Takeover **A significant vulnerability has left over 46,000 Grafana instances exposed to potential account takeover attacks.** **Key Points:** - CVE-2025-4123 allows attackers to hijack user sessions - More than a third of Grafana instances remain unpatched - The flaw can execute malicious plugins without …

2
1
4.0
View Original

References

https://grafana.com/security/security-advisories/cve-2025-4123/
https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/
Published: 2025-05-22T07:44:09.491Z
Last Modified: 2025-07-22T14:11:46.732Z
Copied to clipboard!