CVE-2025-4123

medium
Published 2025-05-19 · Modified 2025-05-26
CVSS v3
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
CVSS v2
VIR risk
6.1

Description

Important: grafana security update

Predictions

Exploit likelihood
71%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-7893.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-7894.html
Vendor advisory: alma — https://bugzilla.redhat.com/2364632
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:7894
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-4123.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:7894
Vendor advisory: security@grafana.com — https://grafana.com/security/security-advisories/cve-2025-4123/
Vendor advisory: security@grafana.com — https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:7893

OS impact

| OS | Version | Status | Fixed in |
|---|---|---|---|
| redhat rhel | 9 | fixed | |
| rockylinux rocky | 8 | fixed | |
| suse sles | | affected | |

Package impact

| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| golang Go | github.com/grafana/grafana | <0.0.0-20250521183405-c7a690348df7 | 0.0.0-20250521183405-c7a690348df7 |
| golang Go | github.com/grafana/grafana | | |
| golang GO | github.com/grafana/grafana | < 0.0.0-20250521183405-c7a690348df7 | 0.0.0-20250521183405-c7a690348df7 |

Application impact

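| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| grafana | grafana | {"endExcluding":"10.4.18"} | 10.4.18 |
| grafana | grafana | | 10.4.18 |
| grafana | grafana | | 11.2.9 |
| grafana | grafana | | 11.3.6 |
| grafana | grafana | | 11.4.4 |
| grafana | grafana | | 11.5.4 |
| grafana | grafana | | 11.6.1 |
| grafana | grafana | | 12.0.0 |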

References

CWEs

CWE-79 CWE-601
