Grafana Labs Product Security Update Advisory

Jul 11 2025

Overview

We have released a security update to fix vulnerabilities in Grafana Labs products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-6191, CVE-2025-6192

Grafana Image Renderer plugin version: less than 3.12.9
Synthetic Monitoring Agent version: less than 0.38.3

Resolved Vulnerabilities

Out-of-bounds memory access vulnerability in Grafana Image Renderer plugin and Synthetic Monitoring Agent (CVE-2025-6191)
Use after free vulnerability in Grafana Image Renderer plugin and Synthetic Monitoring Agent (CVE-2025-6192)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

Cve-2025-6191, cve-2025-6192

Grafana Image Renderer plugin version: 3.12.9 or higher
Synthetic Monitoring Agent version: 0.38.3 or later

Referenced Sites

[1] Grafana security update: Critical severity security release for CVE-2025-5959, CVE-2025-6554, CVE-2025-6191 and CVE-2025-6192 in Grafana Image Renderer plugin and Synthetic Monitoring Agent
https://grafana.com/blog/2025/07/02/grafana-security-update-critical-severity-security-release-for-cve-2025-5959-cve-2025-6554-cve-2025-6191-and-cve-2025-6192-in-grafana-image-renderer-plugin-and-synthetic-monitoring-agent/

Grafana Labs Product Security Update Advisory

IBM Product Security Update Advisory (CVE-2025-36014)

Apache Tomcat July 07 Secondary Security Update Advisory

Tags:

IBM Product Security Update Advisory (CVE-2025-36014)

Apache Tomcat July 07 Secondary Security Update Advisory