Grafana Security Update Advisory (CVE-2025-4123)
Overview
A security update has been released to address a vulnerability in Grafana. Users of affected products are encouraged to update to the latest version.
Affected Products
CVE-2025-4123
Grafana version: 10.4.18+security-01 and earlier
Grafana version: 11.2.9+security-01 or earlier
Grafana version: 11.3.6+security-01 or earlier
Grafana version: less than 11.4.4+security-01
Grafana version: less than 11.5.4+security-01
Grafana version: less than 11.6.1+security-01
Grafana version: less than 12.0.0+security-01
Resolved Vulnerabilities
XSS vulnerability due to open redirects and path bypass in Grafana (CVE-2025-4123)
Vulnerability Patches
Patches for this vulnerability are available in the latest update. Follow the instructions on the site listed under References to update to the latest patched version.
CVE-2025-4123
Grafana version: 10.4.18+security-01 and higher
Grafana version: 11.2.9+security-01 or later
Grafana version: 11.3.6+security-01 or higher
Grafana version: 11.4.4+security-01 or later
Grafana version: 11.5.4+security-01 or later
Grafana version: 11.6.1+security-01 or later
Grafana version: 12.0.0+security-01 or later
References
[1] Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
https://grafana.com/security/security-advisories/cve-2025-4123/