CVE-2025-6197NVD

Vulnerability Summary

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.

Prerequisites for exploitation:

- Multiple organizations must exist in the Grafana instance

- Victim must be on a different organization than the one specified in the URL

Severity Level

MEDIUM(4.2)

Published Date

Jul 18, 2025

Last Modified

Jul 22, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-601: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
https://grafana.com/security/security-advisories/cve-2025-6197/

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2025-6197NVD

Vulnerability Summary

External References