CVE-2025-3415

MEDIUM EXPLOITED NUCLEI

Grafana - Information Disclosure

Description

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01.

Nuclei Templates (1)

Grafana - Exposes DingDing API Keys
MEDIUM VERIFIED by lucasribolli
Shodan: http.title:"grafana" || cpe:"cpe:2.3:a:grafana:grafana"
FOFA: title="grafana" || app="grafana"

Scores

CVSS v3 4.3
EPSS 0.0033
EPSS Percentile 55.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2025-08-07
CWE CWE-200
Status published
Products (8)
grafana/grafana 0 - 1.9.2-0.20250514160932-04111e9f2afd (Go)
Grafana/Grafana 10.4.x - 10.4.19+security-01
Grafana/Grafana 11.2.x - 11.2.10+security-01
Grafana/Grafana 11.3.x - 11.3.7+security-01
Grafana/Grafana 11.4.x - 11.4.5+security-01
Grafana/Grafana 11.5.x - 11.5.5+security-01
Grafana/Grafana 11.6.x - 11.6.2+security-01
Grafana/Grafana 12.0.x - 12.0.1+security-01
Published Jul 17, 2025
Tracked Since Feb 18, 2026