Uncontrolled external site redirect in Grafana

Description

A flaw was found in Grafana, where the organization-switching functionality caused an open redirect vulnerability. For this to be exploitable, the Grafana instance must have more than one organization, and the user being redirected must be a member of both. Furthermore, the attacker needs to know the ID of the organization that the user is currently viewing.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package