Grafana Vulnerabilities Allow User Redirection to Malicious Sites and Code Execution in Dashboards

The open redirect vulnerability, CVE-2025-6197, requires specific conditions for exploitation: the Grafana instance must support multiple organizations, the targeted user must be a member of both organizations being switched between, and the attacker must know the ID of the organization currently being viewed. The more serious of the two, CVE-2025-6023, carries a CVSS score of 7.6 and is a high-severity cross-site scripting (XSS) vector. What makes it particularly dangerous is that it does not require editor permissions to exploit, and if anonymous access is enabled the XSS attack becomes immediately viable.

Although lower in severity on its own, the open redirect can potentially be chained with other weaknesses to achieve XSS, similar to the patterns seen in CVE-2025-6023 and the earlier CVE-2025-4123. For CVE-2025-6197, administrators can block Grafana URLs beginning with /\ (%2F%5C) in their ingress configuration or limit instances to single-organization deployments.
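The ingress-level mitigation above is easy to state but worth testing before it goes live, and the same pattern is what a SOC would look for when sweeping past access logs. The following is an added example written for this page, not code from the article or from Grafana Labs: it flags HTTP request targets that begin with `/\` (percent-encoded `%2F%5C`), the prefix the article says to block. Assumptions that go beyond the article are ours: the check covers the pattern both as the request path and as the value of any query parameter, it decodes a bounded number of times to catch double encoding, the `next` parameter name is a placeholder rather than a Grafana identifier, and the log lines are constructed sample data.

```python
"""Flag request targets that begin with the '/\\' (%2F%5C) pattern.

Added example for the CVE-2025-6197 mitigation discussed in the article;
not Grafana's code and not part of the article. Use it to test an
ingress/WAF rule against sample targets or to sweep access logs.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# A forward slash immediately followed by a backslash. Browsers normalise
# '/\\host' to '//host', i.e. a scheme-relative URL, which is why the
# article's mitigation blocks this prefix.
_PREFIX = "/\\"


def _decode_bounded(value: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, at most `rounds` times.

    Bounded repeated decoding is our own hardening against double-encoded
    input (assumption, not something the article describes).
    """
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def matches_backslash_redirect(request_target: str) -> bool:
    """True if the path, or any query value, starts with '/\\' after decoding."""
    parts = urlsplit(request_target)
    if _decode_bounded(parts.path).startswith(_PREFIX):
        return True
    # parse_qsl already decodes each value once; decode again for
    # double-encoded payloads such as %252F%255C.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if _decode_bounded(value).startswith(_PREFIX):
            return True
    return False


# Constructed sample access-log lines in Combined Log Format (not real
# traffic). 'next' is a placeholder query-parameter name.
SAMPLE_ACCESS_LOG = [
    '203.0.113.10 - - [20/Jul/2025:06:15:55 +0000] "GET /api/health HTTP/1.1" 200 15',
    '203.0.113.11 - - [20/Jul/2025:06:16:01 +0000] "GET /?orgId=2&next=%2F%5Cexample.test HTTP/1.1" 302 0',
    '203.0.113.12 - - [20/Jul/2025:06:16:07 +0000] "GET /d/abc123/my-dashboard?orgId=1 HTTP/1.1" 200 8800',
    '203.0.113.13 - - [20/Jul/2025:06:16:09 +0000] "GET /%5Cexample.test/grafana HTTP/1.1" 302 0',
]

# Extracts the request target from the quoted request line.
_REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/\d\.\d"')


def sweep_access_log(lines):
    """Return (client_ip, request_target) for every line that matches."""
    hits = []
    for line in lines:
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        if matches_backslash_redirect(target):
            hits.append((line.split(" ", 1)[0], target))
    return hits


if __name__ == "__main__":
    for ip, target in sweep_access_log(SAMPLE_ACCESS_LOG):
        print(f"{ip} requested {target!r}")
```

The decode-then-compare order matters: an ingress rule that only matches the literal characters `/\` will miss the encoded form the article explicitly calls out, and one that only matches `%2F%5C` will miss the literal form, so whatever rule you deploy should be checked against both spellings, as the sample lines do.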

This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 20 Jul 2025 06:15:55 +0000


Cyber News related to Grafana Vulnerabilities Allow User Redirection to Malicious Sites and Code Execution in Dashboards

Dashify: Solving Data Wrangling for Dashboards - Dashboards are data-driven user interfaces that are designed to be viewed, edited, and even created by product users. Product screens themselves are also built with dashboards. Here are just a few examples of the rapidly expanding use of Dashify ...
1 year ago Feedpress.me
15 Best Docker Monitoring Tools in 2025 - What is Good? What Could Be Better? cAdvisor monitors containers without much overhead due to its minimal resource footprint. Real-time monitoring is its main focus, and historical data storage is limited. It simplifies troubleshooting using ...
3 days ago Cybersecuritynews.com
CVE-2022-31107 - Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which ...
2 years ago
15 PostgreSQL Monitoring Tools - 2025 - What is Good? What Could Be Better? Monitoring application performance, user experience, and errors. Some users find the pricing high, especially for larger environments. Continuous server, database, and infrastructure monitoring. The extensive feature ...
2 months ago Cybersecuritynews.com
Grafana releases critical security update for Image Renderer plugin - Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. The Synthetic Monitoring Agent is part of Grafana Cloud's Synthetic Monitoring, used by ...
3 weeks ago Bleepingcomputer.com
CVE-2022-31176 - Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is ...
2 years ago
4500+ WordPress Sites Hacked with a Monero Cryptojacking Campaign - Security researchers recently reported the discovery of a massive Monero hacking campaign targeted at WordPress sites. According to reports, more than 4500 WordPress sites were compromised with a malicious cryptocurrency-mining campaign. The hackers ...
2 years ago Thehackernews.com
CVE-2022-29170 - Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security allow list allows configuring Grafana so that the instance doesn’t call, or only calls, specific hosts. The ...
2 years ago
CVE-2021-41090 - Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext ...
3 years ago
CVE-2022-21702 - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user into visiting this HTML page using a specially crafted link and ...
2 years ago
CVE-2023-5123 - The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific ...
1 year ago
Malware campaign 'DollyWay' breached 20,000 WordPress sites - A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. DollyWay v3 is an advanced redirection operation that targets vulnerable WordPress ...
4 months ago Bleepingcomputer.com
20 Best SNMP Monitoring Tools in 2025 - What’s Good? What Could Be Better? Autodiscovery of network devices and quick setup, making deployment fast for large or dynamic environments. Community edition support is limited—reactive, primarily via forums, with no guaranteed ...
3 days ago Cybersecuritynews.com
10 Best Cloud Monitoring Tools in 2025 - What is Good? What Could Be Better? Unified, real-time monitoring across on-premises and cloud resources. Initial setup and management can be complex for new users. Flexible integration with third-party tools and existing solutions. User interface is less ...
1 day ago Cybersecuritynews.com
CVE-2022-21673 - Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will ...
2 years ago
CVE-2023-2801 - Grafana is an open-source platform for monitoring and observability. ...
2 years ago
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware - Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site ...
1 year ago Bleepingcomputer.com CVE-2023-6000
CVE-2022-35957 - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and ...
2 years ago
CVE-2024-9476 - A vulnerability in Grafana Labs Grafana OSS and Enterprise allows privilege escalation, letting users gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability ...
8 months ago Tenable.com
CVE-2024-50002 - In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. ...
9 months ago Tenable.com
Malware Operation 'DollyWay' Hacked 20,000+ WordPress Sites Globally - The DollyWay malware primarily targets WordPress sites, leveraging a network of compromised sites to redirect visitors to scam pages through traffic broker networks. It injects redirect scripts into sites using files like wp-content/counts.php. These ...
4 months ago Cybersecuritynews.com
WordPress ad-fraud plugins generated 1.4 billion ad requests per day - A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. Scallywag was uncovered by bot and fraud detection ...
3 months ago Bleepingcomputer.com Cloak
75K+ WordPress Sites Impacted by Critical Plugin Flaws - A large-scale breach has impacted more than 75,000 WordPress sites that are running an online course plugin. According to security researchers, the plugin has three critical vulnerabilities that could expose customer data and be used to take over ...
2 years ago Bleepingcomputer.com
CVE-2020-13379 - The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can ...
4 years ago
