Over 46,000 Grafana Instances Vulnerable to Account Takeover
Over 46,000 Grafana instances remain unpatched despite a critical vulnerability (CVE-2025-4123) that allows attackers to execute malicious plugins and hijack accounts through a client-side open redirect flaw. The vulnerability, discovered by Alvaro Balada and addressed in May, affects multiple versions, but many remain vulnerable, posing a significant security risk. Upgrading to the latest secure versions is recommended to mitigate potential exploits.