CVE-2025-3260 – Grafana Dashboard Permission Bypass Vulnerability

June 2, 2025

CVE ID : CVE-2025-3260

Published : June 2, 2025, 10:15 a.m. | 1 hour, 7 minutes ago

Description : A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).

Impact:

– Viewers can view all dashboards/folders regardless of permissions

– Editors can view/edit/delete all dashboards/folders regardless of permissions

– Editors can create dashboards in any folder regardless of permissions

– Anonymous users with viewer/editor roles are similarly affected

Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5439 – “Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 Facebook Like Command Injection Vulnerability”

Next Article CVE-2025-1750 – DuckDBVectorStore SQL Injection Remote Code Execution

Highlights

CVE-2025-48745 – Apache HTTP Server Remote Code Execution Vulnerability

June 2, 2025

CVE ID : CVE-2025-48745

Published : June 2, 2025, 1:15 p.m. | 1 hour, 56 minutes ago

Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes: All CVE users should reference CVE-2025-49113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

4 ways your organization can adapt and thrive in the age of AI

Google’s new Search tool turns financial info into interactive charts – how to try it

This rugged Android phone has something I’ve never seen on competing models

Anthropic’s new AI models for classified info are already in use by US gov

Handling PostgreSQL Migrations in Node.js

Handling PostgreSQL Migrations in Node.js

How to Add Product Badges in Optimizely Configured Commerce Spire

Salesforce Health Check Assessment Unlocks ROI

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Spf Permerror Troubleshooting Guide For Better Email Deliverability Today

Amap – Gather Info in Easy Way

CVE-2025-3260 – Grafana Dashboard Permission Bypass Vulnerability

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

CVE-2024-56006 – Automattic Jetpack Debug Tools Missing Authorization Vulnerability

Puzzle-Game in pure C

FFmpeg: Il Coltellino Svizzero per i Contenuti Multimediali

Got a Microsoft Teams invite? Storm-2372 gang exploit device codes in global phishing attacks

CVE-2025-48745 – Apache HTTP Server Remote Code Execution Vulnerability

How to Download and Use Qwen 2.5 AI Chat App

Multi-tenant RAG with Amazon Bedrock Knowledge Bases

OpenAI’s Sam Altman claims AI will “gradually” replace software engineers — Creating an urgent need to master “AI tools”

CVE-2025-3260 – Grafana Dashboard Permission Bypass Vulnerability

Related Posts