Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

Vulnerability IntelligenceCVE-2025-6023

CVE-2025-6023

HIGH7.6

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks

Published Jul 18, 2025

Modified 7 months ago

Details

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.

The open redirect can be chained with path traversal vulnerabilities to achieve XSS.

Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

References

WEB

https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/

ADVISORY

https://grafana.com/security/security-advisories/cve-2025-6023/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-6023

CVSS Analysis

CVSS v3.1

7.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

LowI:L

Availability

LowA:L

7.6/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Weakness Type (CWE)

Injection

CWE-79

Cross-site Scripting (XSS)

Input Validation

CWE-601

Open Redirect

Ecosystems

Timeline

PublishedJul 18, 2025

ModifiedJul 18, 2025

CVE-2025-6023 | Mondoo Vulnerability Intelligence