CVE-2025-11539
published 2025-10-09CVE-2025-11539: Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv…
PriorityP267critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
0.58%
43.3th percentile
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process.
Instances are vulnerable if:
1. The default token ("authToken") is not changed, or is known to the attacker.
2. The attacker can reach the image renderer endpoint.
This issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| grafana | grafana-image-renderer | 1.0.0 – 4.0.16 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-09
Published