
Cloud Vulnerability DB
A community-led vulnerabilities database
An open redirect vulnerability (CVE-2025-6023) was identified in Grafana OSS that can be exploited to achieve cross-site scripting (XSS) attacks. The vulnerability was introduced in Grafana v11.5.0 and was discovered on June 11, 2025, through Grafana's bug bounty program. The vulnerability affects Grafana OSS versions 11.5.0 and later, with fixes released in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, and 11.3.8+security-01 (Grafana Advisory, NVD).
The flaw chains client-side path traversal with an open redirect to achieve cross-site scripting. It has received a CVSS v3.1 score of 7.6 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L. Unlike many XSS vulnerabilities, this one does not require editor permissions, making it particularly dangerous when anonymous access is enabled. For Grafana Cloud users, the vulnerability was especially impactful due to a missing connect-src directive in the Content Security Policy (CSP), allowing attackers to load malicious external scripts without direct access to the Grafana instance (Security Online).
The vulnerability enables attackers to redirect users to external websites and execute malicious JavaScript within their browsers. Successful exploitation could lead to session hijacking, complete account takeover, and persistent access to sensitive monitoring dashboards. The attack can be executed against any authenticated user with at least Viewer permissions, even without the attacker having direct access to the Grafana instance (Grafana Blog).
Organizations can mitigate this vulnerability by upgrading to the patched versions: 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, or 11.3.8+security-01. Alternatively, organizations can implement the default Content Security Policy configuration as documented by Grafana, which includes specific script-src, object-src, and connect-src directives to prevent malicious script execution (Grafana Blog).
Grafana Labs coordinated closely with cloud providers licensed to offer Grafana Cloud Pro, including Amazon Managed Grafana and Azure Managed Grafana, ensuring their offerings were secured before public disclosure. The vulnerability was discovered through Grafana's bug bounty program by Hoa X. Nguyen from OPSWAT, demonstrating the effectiveness of their security research program (Grafana Blog).
Source: This report was generated using AI