CVE-2025-6197
BaseFortify

Publication date: 2025-07-18

Last updated on: 2025-07-22

Assigner: Grafana Labs

Description
An open redirect vulnerability has been identified in the Grafana OSS organization switching functionality. Prerequisites for exploitation:
- Multiple organizations must exist in the Grafana instance
- The victim must be on a different organization than the one specified in the URL
Meta Information
Published: 2025-07-18
Last Modified: 2025-07-22
Generated: 2026-05-06
AI Q&A: 2025-07-18
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Showing 6 associated CPEs

Vendor    Product   Version / Range
grafana   grafana   11.5.6+security-01
grafana   grafana   11.4.6+security-01
grafana   grafana   11.6.3+security-01
grafana   grafana   12.0.2+security-01
grafana   grafana   11.3.8+security-01
grafana   grafana   *
CWE
CWE-601: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6197 is an open redirect vulnerability in the organization switching functionality of Grafana OSS. It occurs when multiple organizations exist in a Grafana instance and a user is logged into a different organization than the one specified in the URL. An attacker can craft URLs that redirect users to arbitrary external websites during the organization switching process. [1]

How can this vulnerability impact me?

This vulnerability can cause users to be redirected to malicious external websites when switching organizations within Grafana. This could lead to phishing attacks or exposure to malicious content. Although the CVSS score is moderate (4.2), the impact includes potential loss of confidentiality and integrity due to redirection to harmful sites. [1]

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection starts with checking whether your Grafana instance is running a version prior to the patched releases (versions before 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, or 11.3.8+security-01). You can verify the Grafana version by running `grafana-server -v` or by checking the version in the Grafana UI under Server Admin > Server Stats. Additionally, monitoring HTTP requests for suspicious organization switching URLs that redirect to external sites may help detect exploitation attempts: for example, inspect web server logs or use network monitoring tools to look for URLs containing organization switching parameters that redirect to external domains. [1]
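The two checks described above, a version comparison against the patched releases and a scan of access logs for redirect responses whose request carried an external URL in a query parameter, as an added Python example (not code from BaseFortify, Grafana Labs or the advisory). The page does not name the parameter involved in the organization switch, so the scanner inspects every query-string value rather than one known name; the log lines, the `orgId`/`redirectTo` parameter names in them, the hostnames and the IP addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Patched releases listed on this page, one per major.minor release line.
PATCHED = ("12.0.2+security-01", "11.6.3+security-01", "11.5.6+security-01",
           "11.4.6+security-01", "11.3.8+security-01")


def parse_version(v):
    """Turn '11.5.6+security-01' into (11, 5, 6, 1).

    A plain '11.5.6' becomes (11, 5, 6, 0), so it sorts before the
    security build of the same base version, which is the point of the
    '+security-01' suffix on the fixed releases.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\+security-(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {v!r}")
    major, minor, patch, sec = m.groups()
    return (int(major), int(minor), int(patch), int(sec or 0))


def is_vulnerable_version(v):
    """True if the running version predates the patched release for its release line.

    A release line with no listed patch is compared against the highest patched
    release, which is the conservative choice (it flags rather than clears).
    """
    cur = parse_version(v)
    same_line = [parse_version(p) for p in PATCHED if parse_version(p)[:2] == cur[:2]]
    fixed = same_line[0] if same_line else max(parse_version(p) for p in PATCHED)
    return cur < fixed


# Extracts the request target and status from a combined-format access log line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def find_external_redirect_targets(target, own_hosts):
    """Return (param, value) pairs whose value is a URL to a host outside own_hosts.

    Relative paths such as '/dashboards' are not reported; absolute URLs and
    scheme-relative ones ('//other.example') are, since both leave the origin.
    """
    own = {h.lower() for h in own_hosts}
    hits = []
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        candidate = value.strip()
        if candidate.startswith("//"):
            candidate = "https:" + candidate
        parts = urlsplit(candidate)
        if parts.scheme in ("http", "https") and parts.hostname \
                and parts.hostname.lower() not in own:
            hits.append((key, value))
    return hits


def scan_access_log(lines, own_hosts):
    """Return (line_no, status, param, value) for every 3xx response whose request
    carried an external URL in a query parameter."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        status = int(m.group("status"))
        if not 300 <= status < 400:
            continue
        for key, value in find_external_redirect_targets(m.group("target"), own_hosts):
            findings.append((n, status, key, value))
    return findings


# Constructed sample log lines (not real traffic); the parameter names are assumed.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Jul/2025:10:00:01 +0000] "GET /?orgId=2&redirectTo=%2Fdashboards HTTP/1.1" 302 0',
    '10.0.0.5 - - [18/Jul/2025:10:00:02 +0000] "GET /d/abc123?orgId=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Jul/2025:10:05:09 +0000] "GET /?orgId=2&redirectTo=https%3A%2F%2Fattacker.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.7 - - [18/Jul/2025:10:05:10 +0000] "GET /?orgId=1&redirectTo=https%3A%2F%2Fattacker.example HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for v in ("11.5.6", "11.5.6+security-01", "10.4.0", "12.1.0"):
        print(f"{v:>22}: {'vulnerable' if is_vulnerable_version(v) else 'patched'}")
    for finding in scan_access_log(SAMPLE_LOG, {"grafana.internal"}):
        print("redirect with external target:", finding)
```

Only the third sample line is reported: the first redirects to a relative path and the fourth carries an external URL but was answered with 200, not a redirect. Pass the hostnames your own Grafana answers on as `own_hosts`, otherwise legitimate redirects back to the instance are flagged too.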

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading your Grafana instance to one of the patched versions: 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, or 11.3.8+security-01. If upgrading immediately is not possible, enforce a strict Content Security Policy (CSP) as recommended by Grafana, which restricts script sources and other potentially dangerous content. An example CSP configuration is provided in the Grafana security advisory and should be applied in your Grafana configuration to reduce the risk of exploitation. [1, 2]

