Description

Grafana is vulnerable to an open redirect vulnerability. The vulnerability allows attackers to craft URLs that redirect users to arbitrary destinations. This flaw can be chained with other attacks, such as Server-Side Request Forgery (SSRF) or Account Takeover (ATO).

Remediation

Upgrade to the latest version of Grafana

References

Grafana Security Blog Post

Research Article on Exploitation

Related Vulnerabilities

CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43723)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4903)

Multiple SugarCRM Products Remote Code Execution Vulnerability (CVE-2023-22952)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164)

Severity

High

Classification

CVE-2025-4123 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Url Redirection Known Vulnerabilities