Russian Vulnerability Scanner Database

Back to List

BDU:2025-06809

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.6high3.x
0246810

CVSS Score: 7.6/10

All CVSS Scores

CVSS 3.x
7.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

CVSS 2.0
9.0

Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P

Description

Уязвимость компонента Custom Frontend Plugin платформы для мониторинга и наблюдения Grafana связана с неправильной нейтрализацией ввода во время создания веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществлять межсайтовые сценарные атаки (XSS)

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2025-4123

Exploits

Exploit ID: BDU:2025-06809

Source: bdu_exploit

URL: https://bdu.fstec.ru/vul

Exploit ID: 52491

Source: exploitdb

URL: https://www.exploit-db.com/exploits/52491

Exploit ID: CVE-2025-4123

Source: github-poc

URL: https://github.com/ItsNee/Grafana-CVE-2025-4123-POC

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-4123
https://access.redhat.com/security/cve/cve-2025-4123
https://grafana.com/grafana/plugins/instana-datasource/?tab=changelog
https://github.com/NightBloodz/CVE-2025-4123
https://t.me/bizone_channel/1899
https://grafana.com/security/security-advisories/cve-2025-4123/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://lk.astra.ru/
(https://wiki.astralinux.ru/x/ziLoD)

Recommendations

Source: bdu

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться “Рекомендаций по безопасной настройке операционных систем LINUX”, изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.

Использование рекомендаций:
Для Grafana:
https://grafana.com/security/security-advisories/cve-2025-4123/

Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2025-4123

Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Для ПК «ALD Pro»:
обновление программного обеспечения, применение оперативного обновления ПК «ALD Pro» 2.4.2, предоставляемого в личном кабинете пользователя https://lk.astra.ru/ (https://wiki.astralinux.ru/x/ziLoD)

URL: https://bdu.fstec.ru/vul/2025-06809

Vulnerable Software (32)

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "11.5.4+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "11.6.1+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "12.0.0+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "10.4.18+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "11.2.9+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "11.3.6+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "11.4.4+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "11.5.4+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "11.6.1+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "12.0.0+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "10.4.18+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "11.2.9+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "11.3.6+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "11.4.4+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 9

Trait: 
{  "version_end_excluding": "11.5.4+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 9

Trait: 
{  "version_end_excluding": "11.6.1+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 9

Trait: 
{  "version_end_excluding": "12.0.0+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 9

Trait: 
{  "version_end_excluding": "10.4.18+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 9

Trait: 
{  "version_end_excluding": "11.2.9+security-01"}

Source: bdu

Type: Configuration

Vendor: grafana labs

Product: grafana

Operating System: red hat enterprise linux 9

Trait: 
{  "version_end_excluding": "11.3.6+security-01"}

Source: bdu