Home > Vulnerability Database > CVE-2025-6023

Mend.io Vulnerability Database

CVE-2025-6023

Good to know:

Date: July 18, 2025

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Severity Score

7.6

Related Resources (13)

Url: https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/

Url: https://github.com/grafana/grafana/commit/40ed88fe86d347bcde5ddaed6c4a20a95d2f0d55

Url: https://github.com/grafana/grafana

Url: https://github.com/grafana/grafana/commit/0ba0b99665a946cd96676ef85ec8bc83028cb1d7

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6023

Url: https://github.com/grafana/grafana/commit/b6dd2b70c655c61b111b328f1a7dcca6b3954936

Url: https://grafana.com/security/security-advisories/cve-2025-6023

Url: https://github.com/grafana/grafana/commit/e0ba4b480954f8a33aa2cff3229f6bcc05777bd9

Url: https://grafana.com/security/security-advisories/cve-2025-6023/

Url: https://github.com/advisories/GHSA-vqph-p5vc-g644

Url: https://github.com/grafana/grafana/commit/5b00e21638f565eed46acb4d0b7c009968df4c3b

Url: https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023

Url: https://www.mend.io/vulnerability-database/CVE-2025-6023

Severity Score

7.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version https://github.com/grafana/grafana.git - v12.0.2+security-01;https://github.com/grafana/grafana.git - v11.6.3+security-01;https://github.com/grafana/grafana.git - v11.5.6+security-01;https://github.com/grafana/grafana.git - v11.4.6+security-01;https://github.com/grafana/grafana.git - v11.3.8+security-01

Learn More

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6023

Good to know:

Date: July 18, 2025

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?