Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2025-4123 — Cross-site Scripting in Grafana
CWE-79 — Cross-site Scripting
CWE-601 — Open Redirect
CWE-23 — Relative Path Traversal
15 documents, 12 sources
Severity
NVD: 6.1 MEDIUM
CNA: 7.6
VulnCheck: 7.6
EPSS: 3.9% (top 11.76%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: May 22
Latest update: Apr 6
Description
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client-side path traversal and an open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. The vulnerability does not require editor permissions, and if anonymous access is enabled, the XSS works without authentication. If the Grafana Image Renderer plugin is installed, the open redirect can also be exploited to achieve a full-read SSRF.
The default Content…
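The two defensive checks that follow from the description above, written here as an added example (not Grafana's code and not the Nuclei template): a same-origin redirect validator for the open-redirect half (CWE-601) and a detector for percent-encoded dot-dot segments in request paths for the client-side path-traversal half, both run over a few constructed access-log lines. The `next` query parameter, the `evil.example` host and the log lines are assumptions for illustration; `/public/plugins/` is assumed here to be the prefix under which Grafana serves plugin assets.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// IsSafeRedirect reports whether target can be used as a redirect
// destination without leaving the application's own origin. The policy
// is an assumption for this example, not Grafana's: only a local absolute
// path ("/...") is accepted; absolute URLs, bare schemes, protocol-relative
// ("//host") and backslash ("/\host") forms are rejected, both as given and
// after one round of percent-decoding (servers often decode before redirecting).
func IsSafeRedirect(target string) bool {
	candidates := []string{target}
	if dec, err := url.PathUnescape(target); err == nil && dec != target {
		candidates = append(candidates, dec)
	}
	for _, c := range candidates {
		if c == "" || !strings.HasPrefix(c, "/") {
			return false
		}
		if strings.HasPrefix(c, "//") || strings.HasPrefix(c, "/\\") {
			return false
		}
		for _, r := range c { // control bytes are used to smuggle schemes past parsers
			if r < 0x20 || r == 0x7f {
				return false
			}
		}
		u, err := url.Parse(c)
		if err != nil || u.Scheme != "" || u.Host != "" {
			return false
		}
	}
	return true
}

// HasEncodedTraversal reports whether a raw request path contains a ".."
// segment once percent-decoding (up to three rounds, to catch double and
// triple encoding) is applied and backslashes are treated as separators.
func HasEncodedTraversal(rawPath string) bool {
	p := rawPath
	for i := 0; i < 3; i++ {
		d, err := url.PathUnescape(p)
		if err != nil || d == p {
			break
		}
		p = d
	}
	p = strings.ReplaceAll(p, "\\", "/")
	for _, seg := range strings.Split(p, "/") {
		if seg == ".." {
			return true
		}
	}
	return false
}

// Finding is one flagged request: 1-based line number plus the reason.
type Finding struct {
	Line   int
	Reason string
}

// requestTarget extracts the request-target from a Common Log Format line.
func requestTarget(line string) string {
	start := strings.Index(line, "\"")
	if start < 0 {
		return ""
	}
	end := strings.Index(line[start+1:], "\"")
	if end < 0 {
		return ""
	}
	fields := strings.Fields(line[start+1 : start+1+end])
	if len(fields) < 2 {
		return ""
	}
	return fields[1]
}

// ScanAccessLog applies both checks to every line. The redirect parameter
// name "next" is a hypothetical example, not a Grafana parameter.
func ScanAccessLog(lines []string) []Finding {
	var out []Finding
	for i, line := range lines {
		target := requestTarget(line)
		if target == "" {
			continue
		}
		rawPath, rawQuery, _ := strings.Cut(target, "?")
		if HasEncodedTraversal(rawPath) {
			out = append(out, Finding{i + 1, "dot-dot segment in request path"})
		}
		q, err := url.ParseQuery(rawQuery)
		if err != nil {
			continue
		}
		for _, v := range q["next"] {
			if !IsSafeRedirect(v) {
				out = append(out, Finding{i + 1, "off-origin redirect target: " + v})
			}
		}
	}
	return out
}

// SampleLog holds constructed Common Log Format lines (not real traffic).
var SampleLog = []string{
	`10.0.0.5 - - [22/May/2025:10:00:01 +0000] "GET /public/plugins/example/module.js HTTP/1.1" 200 5120`,
	`10.0.0.9 - - [22/May/2025:10:00:02 +0000] "GET /public/plugins/example/..%2f..%2fevil.example/plugin HTTP/1.1" 200 0`,
	`10.0.0.9 - - [22/May/2025:10:00:03 +0000] "GET /login?next=//evil.example/ HTTP/1.1" 302 0`,
	`10.0.0.5 - - [22/May/2025:10:00:04 +0000] "GET /login?next=/d/abc HTTP/1.1" 302 0`,
}

func main() {
	for _, f := range ScanAccessLog(SampleLog) {
		fmt.Printf("line %d: %s\n", f.Line, f.Reason)
	}
}
```

The validator deliberately refuses anything that is not a single-slash local path rather than trying to enumerate bad schemes; the traversal check decodes before splitting, because the CVE's "client path traversal" rests on the browser or server interpreting an encoded `..` after the first-pass check has already passed it.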
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages (3 packages)
Vulnerability Details (6)
OSV, 2025-05-27: Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin in github.com/grafana/grafana
OSV, 2025-05-22: CVE-2025-4123: A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect
CVEList, 2025-05-22: CVE-2025-4123: A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect
Exploits & PoCs (2)
Nuclei: Grafana - XSS / Open Redirect / SSRF via Client Path Traversal
Detection Rules (2)
Vendor Advisories (2)
Red Hat, 2025-05-15: grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
Microsoft, 2022-12-13: A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. (This entry describes Buildah, not Grafana, and predates CVE-2025-4123 by more than two years; it appears to be mis-linked to this CVE and should not be read as a Microsoft advisory for the Grafana issue.)