CVE-2025-6023

Publication date 18 July 2025

Last updated 23 July 2025

Ubuntu priority

Cvss 3 Severity Score

Description

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Status

Show unmaintained releases

Package	Ubuntu Release	Status
grafana	25.04 plucky	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	16.04 LTS xenial	Needs evaluation

How can I get the fixes?
What do statuses mean?

Severity score breakdown

Parameter	Value
Base score	7.6 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	Low
Availability impact	Low
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-6023
https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
https://grafana.com/security/security-advisories/cve-2025-6023/