vulnerability
FreeBSD: VID-310f5923-211c-11f0-8ca6-6c3be5272acd (CVE-2025-3454): Grafana -- Authorization bypass in data source proxy API
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Apr 24, 2025 | Dec 10, 2025 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Apr 24, 2025
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, effects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character (/) in the URL path. Among Grafana-maintained data sources, the vulnerability only affects the read paths of Prometheus (all flavors) and Alertmanager when configured with basic authorization. The CVSS score for this vulnerability is 5.0 MEDIUM.
Solutions
freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana8freebsd-upgrade-package-grafana9
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.