{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-6197","assignerOrgId":"57da9224-a3e2-4646-9d0e-c4dc2e05e7da","state":"PUBLISHED","assignerShortName":"GRAFANA","dateReserved":"2025-06-17T07:22:18.547Z","datePublished":"2025-07-18T07:48:22.523Z","dateUpdated":"2025-07-18T13:46:01.307Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Grafana","vendor":"Grafana","versions":[{"lessThan":"12.0.2+security-01","status":"affected","version":"12.0.x","versionType":"semver"},{"lessThan":"11.6.3+security-01","status":"affected","version":"11.6.x","versionType":"semver"},{"lessThan":"11.5.6+security-01","status":"affected","version":"11.5.x","versionType":"semver"},{"lessThan":"11.4.6+security-01","status":"affected","version":"11.4.x","versionType":"semver"},{"lessThan":"11.3.8+security-01","status":"affected","version":"11.3.x","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Dat Phung"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An open redirect vulnerability has been identified in the Grafana OSS organization-switching functionality.<br></p><p>Prerequisites for exploitation:</p><p>- Multiple organizations must exist in the Grafana instance</p><p>- Victim must be on a different organization than the one specified in the URL</p><p><br></p>"}],"value":"An open redirect vulnerability has been identified in the Grafana OSS organization-switching functionality.\n\n\nPrerequisites for exploitation:\n\n- Multiple organizations must exist in the Grafana instance\n\n- Victim must be on a different organization than the one specified in the URL"}],"impacts":[{"capecId":"CAPEC-194","descriptions":[{"lang":"en","value":"CAPEC-194"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"CWE-601","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"57da9224-a3e2-4646-9d0e-c4dc2e05e7da","shortName":"GRAFANA","dateUpdated":"2025-07-18T07:49:16.382Z"},"references":[{"name":"Vulnerable code location","tags":["vendor-advisory"],"url":"https://grafana.com/security/security-advisories/cve-2025-6197/"},{"tags":["mitigation","release-notes"],"url":"https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-18T13:45:54.505880Z","id":"CVE-2025-6197","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-18T13:46:01.307Z"}}]}}