Over 46,000 Exposed Grafana Instances Vulnerable to Client-Side Attack

A client-side open redirect vulnerability has left over 46,000 unpatched internet-facing Grafana instances exposed. The flaw, tracked as CVE-2025-4123, allows attackers to execute a malicious plugin and hijack user accounts. Researchers at OX Security discovered the bug and found that more than 36% of all exposed instances still run vulnerable versions. Attackers can exploit the vulnerability by luring users into clicking malicious URLs, which load arbitrary JavaScript in the victim's browser. The attack can bypass modern browser normalization mechanisms and change a user's email address, making account hijacking via a password reset trivial. To mitigate the risk, Grafana administrators are advised to upgrade to secure versions.

Source: https://www.bleepingcomputer.com/news/security/over-46-000-grafana-instances-exposed-to-account-takeover-bug