Home > Vulnerability Database > CVE-2025-8341

Mend.io Vulnerability Database

CVE-2025-8341

Good to know:

Date: August 4, 2025

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.

Severity Score

5.0

Related Resources (8)

Url: https://github.com/advisories/GHSA-3c93-92r7-j934

Url: https://grafana.com/security/security-advisories/cve-2025-8341/

Url: https://grafana.com/security/security-advisories/cve-2025-8341

Url: https://github.com/grafana/grafana-infinity-datasource/commit/9c736aa21b3a669d3070d3f5f80d949326fafa77

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8341

Url: https://github.com/grafana/grafana-infinity-datasource/releases/tag/v3.4.1

Url: https://github.com/grafana/grafana-infinity-datasource

Url: https://www.mend.io/vulnerability-database/CVE-2025-8341

Severity Score

5.0

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version github.com/grafana/grafana-infinity-datasource - v3.4.2;github.com/grafana/grafana-infinity-datasource - v1.4.2-0.20250731100004-9c736aa21b3a

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8341

Good to know:

Date: August 4, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?