CVE-2025-3415

CVE-2025-3415

Name

CVE-2025-3415

Description

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://grafana.com/security/security-advisories/cve-2025-3415

Type

URI

vendor-advisory

https://grafana.com/security/security-advisories/cve-2025-3415

Match rules

Source package	Min version	Max version
grafana	>= 10.4.x	< 10.4.19+security-01
grafana	>= 11.2.x	< 11.2.10+security-01
grafana	>= 11.3.x	< 11.3.7+security-01
grafana	>= 11.4.x	< 11.4.5+security-01
grafana	>= 11.5.x	< 11.5.5+security-01
grafana	>= 11.6.x	< 11.6.2+security-01
grafana	>= 12.0.x	< 12.0.1+security-01

CPE URI

Source package

Min version

Max version

grafana

>= 10.4.x

< 10.4.19+security-01

grafana

>= 11.2.x

< 11.2.10+security-01

grafana

>= 11.3.x

< 11.3.7+security-01

grafana

>= 11.4.x

< 11.4.5+security-01

grafana

>= 11.5.x

< 11.5.5+security-01

grafana

>= 11.6.x

< 11.6.2+security-01

grafana

>= 12.0.x

< 12.0.1+security-01

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
grafana	edge-community	11.3.1-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.3.2-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.4.0-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.4.0-r1	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.5.0-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.5.1-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.5.1-r1	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.5.2-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.5.2-r1	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.6.0-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.6.0-r1	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	11.6.0-r2	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	12.0.0-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	edge-community	12.0.1-r0	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	3.22-community	11.3.1-r5	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	3.22-community	12.0.0-r1	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	3.22-community	12.0.0-r2	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable
grafana	3.22-community	12.0.0-r3	Konstantin Kulikov <k.kulikov2@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages