CVE-2025-8341

{"id": "CVE-2025-8341", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-8341", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-04T16:06:51.991213Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security@grafana.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "affected": [{"source": "security@grafana.com", "affectedData": [{"vendor": "Grafana", "product": "grafana-infinity-datasource", "versions": [{"status": "affected", "version": "0.6.0", "lessThan": "3.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}]}], "published": "2025-08-04T09:15:26.103", "references": [{"url": "https://github.com/grafana/grafana-infinity-datasource/releases/tag/v3.4.1", "source": "security@grafana.com"}, {"url": "https://grafana.com/security/security-advisories/cve-2025-8341/", "source": "security@grafana.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@grafana.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints.\n\n\nIf the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1."}, {"lang": "es", "value": "Grafana es una plataforma de c\u00f3digo abierto para la monitorizaci\u00f3n y la observabilidad. El complemento de origen de datos Infinity, mantenido por Grafana Labs, permite visualizar datos desde endpoints JSON, CSV, XML, GraphQL y HTML. Si el complemento estuviera configurado para permitir solo ciertas URL, un atacante podr\u00eda eludir esta restricci\u00f3n utilizando una URL especialmente manipulado. Esta vulnerabilidad se ha corregido en la versi\u00f3n 3.4.1."}], "lastModified": "2026-06-17T10:06:47.250", "sourceIdentifier": "security@grafana.com"}