Critical severity 9.0 · OSV Advisory · Published Sep 8, 2025 · Updated Apr 15, 2026
CVE-2025-58746
Description
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary administrative actions. This is possible because the plugin allows arbitrary JavaScript code injection in the [Layout] → [Link] → [URL] field. Version 2.4.0 contains a fix for the issue.
Affected products
- (no CPE) range: v1.0.0, v1.1.0, v1.2.0, …
- (no CPE) range: <2.4.0