Account takeover flaw threatens widespread Grafana compromise

Threat actors could compromise 46,506 Grafana instances, almost 36% of those exposed to the internet, by exploiting the client-side open redirect flaw tracked as CVE-2025-4123 in the open-source infrastructure monitoring and visualization platform, according to BleepingComputer.
Attacks that chain the vulnerability with open redirect techniques could trick targets into clicking URLs that load a malicious Grafana plugin and execute arbitrary JavaScript, ultimately leading to user session takeovers, account credential modifications, and server-side request forgery attacks, according to a report from OX Security. More nefarious plugins could also be distributed by abusing Grafana's inconsistent URL handling. While the exploit requires an active user session, user interaction, and enabled plugin functionality, Grafana's reliance on client-side enforcement has allowed its default Content Security Policy to be bypassed. Admins have been advised to ensure that their Grafana instances are updated to the patched releases 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01, and 12.0.0+security-01.
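Because the fixes are released per branch, a naive "is my version newer than 12.0.0" check gets the answer wrong for anyone on a 10.4 or 11.x branch. The following is an added example, not code from the article, OX Security or the Grafana project: it classifies an installed version (for instance the `version` field returned by Grafana's `/api/health` endpoint, whose JSON shape is assumed here) against the fixed releases listed above, treating branches with no listed fix as vulnerable and branches newer than any listed fix as unknown.

```python
import json
import re

# Fixed releases named in the advisory coverage of CVE-2025-4123, one per branch.
FIXED_VERSIONS = [
    "10.4.18+security-01", "11.2.9+security-01", "11.3.6+security-01",
    "11.4.4+security-01", "11.5.4+security-01", "11.6.1+security-01",
    "12.0.0+security-01",
]

# Accepts "11.5.4" and "11.5.4+security-01"; the security suffix is a 4th ordering key.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\+security-(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, security) so tuples compare in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {text!r}")
    major, minor, patch, sec = m.groups()
    return (int(major), int(minor), int(patch), int(sec) if sec else 0)


def patch_status(installed):
    """Classify a version as 'patched', 'vulnerable' or 'unknown'.

    A branch with a listed fix is patched only at or above that fix (so plain
    11.5.4 without +security-01 is still vulnerable).  Branches with no listed
    fix (9.x, 10.3, 11.0, 11.1, ...) are vulnerable and must move to a fixed
    branch.  Branches newer than every listed fix are reported as 'unknown'
    because the article does not cover them; verify against Grafana's advisory.
    """
    inst = parse_version(installed)
    fixes = {(f[0], f[1]): f for f in map(parse_version, FIXED_VERSIONS)}
    branch = inst[:2]
    if branch in fixes:
        return "patched" if inst >= fixes[branch] else "vulnerable"
    if branch > max(fixes):
        return "unknown"
    return "vulnerable"


def status_from_health(health_json):
    """Classify the 'version' field of a /api/health response body (assumed shape)."""
    return patch_status(json.loads(health_json)["version"])


if __name__ == "__main__":
    # Constructed sample response, not captured from a real instance.
    sample = '{"commit": "placeholder", "database": "ok", "version": "11.5.4"}'
    print(status_from_health(sample))  # vulnerable: 11.5.4 lacks +security-01
```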