CVE-2025-6197
published 2025-07-18

Priority: P4 · 29 · medium · 4.2 (CVSS 3.1)
Vector: AV:N / AC:H / PR:N / UI:R / S:U / C:L / I:L / A:N
EXPLOIT EPSS: 3.71% (88.4th percentile)

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.

Prerequisites for exploitation:
- Multiple organizations must exist in the Grafana instance
- Victim must be on a different organization than the one specified in the URL

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| grafana | grafana | >= 11.3.x < 11.3.8+security-01 | 11.3.8+security-01 |
| grafana | grafana | >= 11.4.x < 11.4.6+security-01 | 11.4.6+security-01 |
| grafana | grafana | >= 11.5.x < 11.5.6+security-01 | 11.5.6+security-01 |
| grafana | grafana | >= 11.6.x < 11.6.3+security-01 | 11.6.3+security-01 |
| grafana | grafana | >= 12.0.x < 12.0.2+security-01 | 12.0.2+security-01 |

CVSS provenance

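| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.2 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
| osv | | 4.2 | MEDIUM | |
| vendor_redhat | | 4.2 | MEDIUM | |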