Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-6197: Open Redirect in Grafana

CWE-601: Open Redirect | 6 documents | 6 sources
Severity
4.2 MEDIUM (NVD)
EPSS
0.6%
top 30.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jul 18
Latest update: Jul 22

Description

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.

Prerequisites for exploitation:
- Multiple organizations must exist in the Grafana instance
- Victim must be on a different organization than the one specified in the URL

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 1.6 | Impact: 2.5

Affected Packages (1 package)

CVEListV5 | grafana/grafana | 12.0.x | 12.0.2+security-01 | +4

🔴 Vulnerability Details (3)

OSV
CVE-2025-6197: An open redirect vulnerability has been identified in Grafana OSS organization switching functionality (2025-07-18)
GHSA
GHSA-jvcj-qc86-j594: An open redirect vulnerability has been identified in Grafana OSS organization switching functionality (2025-07-18)
CVEList
CVE-2025-6197: An open redirect vulnerability has been identified in Grafana OSS organization switching functionality (2025-07-18)

💥 Exploits & PoCs (1)

Nuclei
Open Redirect via Organization Switching

📋 Vendor Advisories (1)

Red Hat
grafana: Open Redirect in Grafana (2025-07-22)
CVE-2025-6197 — Open Redirect in Grafana | cvebase