CVE-2025-6197

low-risk

Published 2025-07-18

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL

Do I need to act?

0.60% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.2/10 Medium

NETWORK / HIGH complexity

References (2)

https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-sev...

https://grafana.com/security/security-advisories/cve-2025-6197/

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal