Description

A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashboards in any folder regardless of permissions - Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.

INFO

Published Date :

2025-06-02T10:06:39.039Z

Last Modified :

2026-02-26T18:27:45.357Z

Source :

GRAFANA
AFFECTED PRODUCTS

The following products are affected by CVE-2025-3260 vulnerability.

Vendors Products
Grafana
  • Grafana
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3260.

URL Resource
https://grafana.com/security/security-advisories/CVE-2025-3260/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-3260 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-3260 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact