CVE-2025-8341

SSRF in Infinity Datasource Plugin

CVSS 5 MEDIUMEPSS 0.3%CWE-918

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5EPSS 0.3%KEV nãoPoC —Patch referenciado

Ciclo de vida

04 ago 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Produtos afetados

Grafana · grafana-infinity-datasource

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/grafana/grafana-infinity-datasource/releases/tag/v3.4.1 https://grafana.com/security/security-advisories/cve-2025-8341/