VYPR
High severity 7.6 · GHSA Advisory · Published Jul 18, 2025 · Updated Apr 15, 2026

CVE-2025-6023

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.

The open redirect can be chained with path traversal vulnerabilities to achieve XSS.

Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/grafana/grafana (Go)
Affected versions: < 1.9.2-0.20250521205822-0ba0b99665a9
Patched versions: 1.9.2-0.20250521205822-0ba0b99665a9
