2381569 – (CVE-2025-6197) CVE-2025-6197 grafana: Open Redirect in Grafana

Bug 2381569 (CVE-2025-6197) - CVE-2025-6197 grafana: Open Redirect in Grafana

Summary: CVE-2025-6197 grafana: Open Redirect in Grafana

Keywords:
Status:	NEW
Alias:	CVE-2025-6197
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-17 02:27 UTC by OSIDB Bzimport
Modified:	2025-07-24 03:07 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-17 02:27:29 UTC

A vulnerability was found, an open redirect vulnerability in Grafana caused by the organization switching functionality. In order to make this exploitable, the Grafana instance must have more than one organization and the user being redirected needs to be a member of them both. Furthermore, the attacker needs to know the ID of the organization that the user is currently viewing.

Note You need to log in before you can comment on or make changes to this bug.