A new high-severity vulnerability, CVE-2025-4123, has been discovered in Grafana, a widely used open-source observability platform. Dubbed “The Grafana Ghost,” this vulnerability stems from an open redirect flaw that can lead to stored cross-site scripting (XSS), account takeover and server-side request forgery (SSRF).
Despite the release of patched versions, over 46,000 vulnerable Grafana instances are still publicly exposed, underscoring the need for immediate mitigation.
https://www.indusface.com/blog/cve-2025 ... erability/