Vulnerability DatabaseCVE-2025-3415
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-3415
July 17, 2025
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01
Affected Packages
https://github.com/grafana/grafana.git (GITHUB):
Affected version(s) >=v11.6.0 <v11.6.2+security-01
Fix Suggestion:
Update to version v11.6.2+security-01
https://github.com/grafana/grafana.git (GITHUB):
Affected version(s) >=v11.2.0 <v11.2.10+security-01
Fix Suggestion:
Update to version v11.2.10+security-01
https://github.com/grafana/grafana.git (GITHUB):
Affected version(s) >=v11.4.0 <v11.4.5+security-01
Fix Suggestion:
Update to version v11.4.5+security-01
https://github.com/grafana/grafana.git (GITHUB):
Affected version(s) >=v11.3.0 <v11.3.7+security-01
Fix Suggestion:
Update to version v11.3.7+security-01
https://github.com/grafana/grafana.git (GITHUB):
Affected version(s) >=v12.0.0 <v12.0.1+security-01
Fix Suggestion:
Update to version v12.0.1+security-01
https://github.com/grafana/grafana.git (GITHUB):
Affected version(s) >=v10.4.0 <v10.4.19+security-01
Fix Suggestion:
Update to version v10.4.19+security-01
https://github.com/grafana/grafana.git (GITHUB):
Affected version(s) >=v11.5.0 <v11.5.5+security-01
Fix Suggestion:
Update to version v11.5.5+security-01
Additional Notes
The description of this vulnerability differs from MITRE.
Related ResourcesĀ (11)
https://grafana.com/security/security-advisories/cve-2025-3415
https://github.com/grafana/grafana/commit/19c912476d4f7a81e8a3562668bc38f31b909e18
https://nvd.nist.gov/vuln/detail/CVE-2025-3415
https://github.com/grafana/grafana/commit/910eb1dd9e618014c6b1d2a99a431b99d4268c05
https://github.com/grafana/grafana/commit/04111e9f2afd95ea3e5b01865cc29d3fc1198e71
https://github.com/grafana/grafana/commit/0adb869188fa2b9ae26efd424b94e17189538f29
https://github.com/grafana/grafana/commit/4fc33647a8297d3a0aae04a5fcbac883ceb6a655
https://github.com/grafana/grafana/commit/4144c636d1a6d0b17fafcf7a2c40fa403542202a
https://github.com/grafana/grafana
https://github.com/grafana/grafana/commit/91327938626c9426e481e6294850af7b61415c98
https://github.com/grafana/grafana/commit/a78de30720b4f33c88d0c1a973e693ebf3831717
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
0.33