CVE-2025-6197

{"id": "CVE-2025-6197", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@grafana.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}]}, "published": "2025-07-18T08:15:28.187", "references": [{"url": "https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/", "source": "security@grafana.com"}, {"url": "https://grafana.com/security/security-advisories/cve-2025-6197/", "source": "security@grafana.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@grafana.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.\n\n\nPrerequisites for exploitation:\n\n- Multiple organizations must exist in the Grafana instance\n\n- Victim must be on a different organization than the one specified in the URL"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de redirecci\u00f3n abierta en la funcionalidad de cambio de organizaci\u00f3n de Grafana OSS. Requisitos para su explotaci\u00f3n: - Deben existir varias organizaciones en la instancia de Grafana. - La v\u00edctima debe pertenecer a una organizaci\u00f3n diferente a la especificada en la URL."}], "lastModified": "2025-07-22T13:06:27.983", "sourceIdentifier": "security@grafana.com"}