CVE-2025-6197

EUVD-2025-21862
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.


Prerequisites for exploitation:

- Multiple organizations must exist in the Grafana instance

- Victim must be on a different organization than the one specified in the URL
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.2 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
GRAFANACNA
4.2 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grafana
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
https://grafana.com/security/security-advisories/cve-2025-6197/