CVE-2025-8341 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-8341 Interim 1 5 2026-03-05T01:28:48Z current 2025-08-13T23:32:45Z 2026-03-05T01:28:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-8341 Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2025-August/041294.html E-Mail link for SUSE-SU-2025:02912-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE SUSE Linux Enterprise Server 16.0 openSUSE Tumbleweed ca-certificates-mozilla-2.84-slfo.1.1_1.1 govulncheck-vulndb-0.0.20250811T192933-1.1 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 shim-15.8-1.1 ca-certificates-mozilla-2.84-slfo.1.1_1.1 as a component of Container suse/sl-micro/6.0/base-os-container:latest shim-15.8-1.1 as a component of Container suse/sl-micro/6.0/base-os-container:latest ca-certificates-mozilla-2.84-slfo.1.1_1.1 as a component of Container suse/sl-micro/6.0/toolbox:latest ca-certificates-mozilla-2.84-slfo.1.1_1.1 as a component of Image SL-Micro shim-15.8-1.1 as a component of Image SL-Micro ca-certificates-mozilla-2.84-slfo.1.1_1.1 as a component of Image SLE-Micro shim-15.8-1.1 as a component of Image SLE-Micro shim-15.8-1.1 as a component of Image SLE-Micro-Azure shim-15.8-1.1 as a component of Image SLE-Micro-BYOS shim-15.8-1.1 as a component of Image SLE-Micro-BYOS-Azure shim-15.8-1.1 as a component of Image SLE-Micro-BYOS-EC2 shim-15.8-1.1 as a component of Image SLE-Micro-BYOS-GCE ca-certificates-mozilla-2.84-slfo.1.1_1.1 as a component of Image SLE-Micro-EC2 shim-15.8-1.1 as a component of Image SLE-Micro-EC2 shim-15.8-1.1 as a component of Image SLE-Micro-GCE govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 govulncheck-vulndb-0.0.20250811T192933-1.1 as a component of openSUSE Tumbleweed Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1. CVE-2025-8341 Container suse/sl-micro/6.0/base-os-container:latest:ca-certificates-mozilla-2.84-slfo.1.1_1.1 Container suse/sl-micro/6.0/base-os-container:latest:shim-15.8-1.1 Container suse/sl-micro/6.0/toolbox:latest:ca-certificates-mozilla-2.84-slfo.1.1_1.1 Image SL-Micro:ca-certificates-mozilla-2.84-slfo.1.1_1.1 Image SL-Micro:shim-15.8-1.1 Image SLE-Micro:ca-certificates-mozilla-2.84-slfo.1.1_1.1 Image SLE-Micro:shim-15.8-1.1 Image SLE-Micro-Azure:shim-15.8-1.1 Image SLE-Micro-BYOS:shim-15.8-1.1 Image SLE-Micro-BYOS-Azure:shim-15.8-1.1 Image SLE-Micro-BYOS-EC2:shim-15.8-1.1 Image SLE-Micro-BYOS-GCE:shim-15.8-1.1 Image SLE-Micro-EC2:ca-certificates-mozilla-2.84-slfo.1.1_1.1 Image SLE-Micro-EC2:shim-15.8-1.1 Image SLE-Micro-GCE:shim-15.8-1.1 SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1 moderate