Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE: Important Security Update for Grafana Vulnerabilities 2025:4482-1

suse
Calendar Grey December 18, 2025
Dist Suse Esm H88
SUSE updates Grafana to resolve multiple vulnerabilities, ensuring enhanced security and performance.
An update that solves seven vulnerabilities and contains two features can now be installed.

Summary

## This update for grafana fixes the following issues: grafana was updated from version 11.5.5 to 11.5.10: * Security issues fixed: * CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client (version 11.5.10) (bsc#1254113) * CVE-2025-47911: Fixed parsing HTML documents (version 11.5.10) (bsc#1251454) * CVE-2025-58190: Fixed excessive memory consumption (version 11.5.10) (bsc#1251657) * CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616) * CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735) * CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer

References

* bsc#1245302

* bsc#1246735

* bsc#1246736

* bsc#1250616

* bsc#1251454

* bsc#1251657

* bsc#1254113

* jsc#MSQA-1034

* jsc#PED-14178

Cross-

* CVE-2025-11065

* CVE-2025-3415

* CVE-2025-47911

* CVE-2025-58190

* CVE-2025-6023

* CVE-2025-6197

* CVE-2025-64751

CVSS scores:

* CVE-2025-11065 ( SUSE ): 5.7

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

* CVE-2025-3415 ( SUSE ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-47911 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4482-1
Release Date: 2025-12-18T12:22:32Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here