Grafana has released security updates for all supported versions to address CVE-2025-4123, a high-severity XSS vulnerability. The vulnerability allows attackers to redirect users to malicious sites and execute arbitrary JavaScript. The patches were released ahead of schedule after public disclosure.
Key points
- Grafana released security patches for versions 8.0 and above to fix CVE-2025-4123.
- The XSS vulnerability enables malicious redirects and JavaScript execution without requiring editor permissions.
- Impact includes potential session hijacking and complete account takeover if exploited.
- Cloud services like Amazon Managed Grafana and Azure Managed Grafana are unaffected.
- Users are advised to upgrade their Grafana instances or implement recommended content security policies to mitigate risks.