Grafana Labs has released an emergency security update, Grafana 12.0.0+security-01, along with patches for all currently supported versions, to address a high-severity cross-site scripting (XSS) vulnerability tracked as CVE-2025-4123.
The flaw, which carries a CVSS v3.1 base score of 7.6 (High), was made public before the scheduled disclosure, prompting the company to expedite its patch rollout.
https://cyberpress.org/critical-grafana-0-day-flaw/