VYPR
Critical severity 9.0 · OSV Advisory · Published Sep 8, 2025 · Updated Apr 15, 2026

CVE-2025-58746

Description

The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary administrative actions. This is possible because the plugin allows arbitrary JavaScript code injection in the [Layout] → [Link] → [URL] field. Version 2.4.0 contains a fix for the issue.

Affected products

2
  • v1.0.0, v1.1.0, v1.2.0, …+ 1 more
    • (no CPE) range: v1.0.0, v1.1.0, v1.2.0, …
    • (no CPE) range: <2.4.0
