CVE-2025-11539 · CRITICAL 9.9 · EPSS percentile 43.1%

Description

Grafana Image Renderer is vulnerable to remote code execution through an arbitrary file write. The /render/csv endpoint did not validate the filePath parameter, which allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process. Instances are vulnerable if:

  1. The default token ("authToken") is not changed, or is known to the attacker.
  2. The attacker can reach the image renderer endpoint.

This issue affects grafana-image-renderer from 1.0.0 through 4.0.16.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.58% probability of exploitation · percentile 43.1% · 2026-06-19T12:03:05Z
Published: 2025-10-09
Last modified: 2026-04-15

Underlying weaknesses (1)

CWE-94

References

  1. https://github.com/grafana/grafana-image-renderer/releases/tag/v4.0.17
  2. https://grafana.com/security/security-advisories/cve-2025-11539/


Type: Weakness
Target: Improper Control of Generation of Code ('Code Injection') (cwe-94)
Confidence: 0%
Tier: live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: Grafana Path Traversal Vulnerability
  2. CVE: CVE-2025-3260
  3. CVE: CVE-2026-28379
  4. CVE: CVE-2026-28383
  5. CVE: CVE-2025-47533
  6. CVE: CVE-2026-11255

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.