cbcvebase.
CVE-2025-11539
published 2025-10-09

CVE-2025-11539: Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv…

PriorityP267critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
0.58%
43.3th percentile
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process. Instances are vulnerable if: 1. The default token ("authToken") is not changed, or is known to the attacker. 2. The attacker can reach the image renderer endpoint. This issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.

Affected

1 ranges
VendorProductVersion rangeFixed in
grafanagrafana-image-renderer1.0.0 – 4.0.16
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.