Issued:: 2025-06-09
Updated:: 2025-06-09

RHSA-2025:8684 - Security Advisory

Overview
Updated Packages

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect (CVE-2025-4123)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2364632 - CVE-2025-4123 grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

CVEs

CVE-2025-4123

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
grafana-6.3.6-7.el8_2.src.rpm	SHA-256: c72682c54df8ff78d608c666b96b88f5da426d086175d014826fd0bf1cb85047
x86_64
grafana-6.3.6-7.el8_2.x86_64.rpm	SHA-256: 228e55f44d598796cb005bc2e20d84aaf085824f093c34f7c20d4038304cde90
grafana-azure-monitor-6.3.6-7.el8_2.x86_64.rpm	SHA-256: 908f8635fed68cfee9459c47c26f75dfe2ff233f506c716622a2dab03f3fbb5c
grafana-cloudwatch-6.3.6-7.el8_2.x86_64.rpm	SHA-256: b02593b7519c8d4964bde204265712adc1c54caf53a0f0d5bad1de9182e6b4ab
grafana-debuginfo-6.3.6-7.el8_2.x86_64.rpm	SHA-256: bd41dfc072c3b0cde6a428014171077d1a2ec97f8db2b9b1084939f96e2caafe
grafana-elasticsearch-6.3.6-7.el8_2.x86_64.rpm	SHA-256: c7e840c5f9716bcb3927e0487a600106d9bc04f4d3eb7ebf7bbfbf8c77d7e487
grafana-graphite-6.3.6-7.el8_2.x86_64.rpm	SHA-256: 7c2de704213acb9f7285d6bb031c604134adde3bfdff1cf363f65f4bbb255228
grafana-influxdb-6.3.6-7.el8_2.x86_64.rpm	SHA-256: 58e0dd3ff927e5f32d54d04028f60c1dc4e354bcc6c0a01bd4fa96eb71c2e57d
grafana-loki-6.3.6-7.el8_2.x86_64.rpm	SHA-256: b2164d3ae7c4f393033ee8ba4f0ad951569c53cf147b5ce993ff4c19fbc9cd60
grafana-mssql-6.3.6-7.el8_2.x86_64.rpm	SHA-256: 1cd57a9df7809865d0bcb1b8aa1ca6643c84cb502c54d59c36090e51892b3ce4
grafana-mysql-6.3.6-7.el8_2.x86_64.rpm	SHA-256: 3fb7fbe4fbb85ab33d9f4269463768f3716190ff3f86983a12efa2d45f13dd51
grafana-opentsdb-6.3.6-7.el8_2.x86_64.rpm	SHA-256: d2780424996f909985dc34dd6401a51df78390bfbade499654a1577522468678
grafana-postgres-6.3.6-7.el8_2.x86_64.rpm	SHA-256: 1442ccb4da32b732a1fdfe2f292021bd060c0b568e088f9a30348f73de4cb77b
grafana-prometheus-6.3.6-7.el8_2.x86_64.rpm	SHA-256: f958ffa5931c81a8a7d049fe28094407e45a5b6094cef2693d3b9c5ba4c70ed7
grafana-stackdriver-6.3.6-7.el8_2.x86_64.rpm	SHA-256: d51939ad5289679b6752f99f266e962c7a61cd3b038501c7cc13f65ab02f7552

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation