Flaws in a pair of Grafana plugins could hand over DevOps control


Two now-patched critical flaws in Grafana’s plugin architecture could let attackers take full control of an organization’s observability instance.

Grafana is a widely used DevOps observability platform for visualizing metrics, logs, and traces, and the two plugins in question, SQLite for accessing locally stored data and Infinity for fetching data from remote sources, extend its integration capabilities.

Researchers at Cycode found that the plugins, which pull data from local and external sources, could expose sensitive credentials and internal cloud infrastructure.

“Exploiting these flaws can quickly turn limited access into total control over a Grafana instance,” Cycode security researcher Elad Pticha told CSO. “Given Grafana’s widespread use and the sensitive production credentials it often holds, such weaknesses could become high-value targets.”

At fault are a hardcoded default encryption key in one plugin and a bypassable URL allow list in the other, each capable of allowing privilege escalation to Grafana admin on its own.

The flaws were reported to the respective maintainers — Grafana Labs in the case of Infinity — and appropriate fixes have since been applied, Pticha added.

One allowed SSRF, the other revealed sensitive keys

One of the flaws, CVE-2025-8341, lurked in Infinity’s URL allow-list check. By slipping an ‘@’ symbol into a crafted URL, attackers could trick Grafana into sending server-side requests (SSRF) to internal endpoints, such as cloud metadata services, effectively opening a tunnel into otherwise unreachable infrastructure.

“The Infinity plugin allows users to send HTTP requests to any URL and customize those requests with headers, parameters, and payloads,” the researchers said in a blog post shared with CSO before its publication on Thursday. “Anything before the ‘@’ is treated as credentials (username and password), while everything after it is interpreted as the actual destination host and path. We crafted a URL that begins with an allowed prefix but actually routes to a different destination.”
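The bypass described above comes down to validating a URL as a string instead of as a parsed origin. The following Python snippet is an added illustration, not code from the Infinity plugin or from Cycode: it places a prefix-style check beside a parse-then-compare check, and also covers a look-alike host (`api.example.com.other.example`), a case the article does not mention but which defeats the same kind of prefix matching. The allow-list entry and the candidate URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allow list for this example: the one upstream API a dashboard
# is supposed to query, written without a trailing slash as a loose
# prefix-style entry often is.
ALLOWED_URLS = ["https://api.example.com"]


def naive_is_allowed(url: str) -> bool:
    """String-prefix check: the kind of validation the article describes as bypassable.

    It never parses the URL, so it cannot distinguish the allowed host from
    userinfo placed before an '@' or from a longer look-alike host name.
    """
    return any(url.startswith(allowed) for allowed in ALLOWED_URLS)


def _origin(url: str):
    """Return (scheme, lowercase host, effective port), or None if the URL is unusable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return parts.scheme, parts.hostname.lower(), port


def strict_is_allowed(url: str) -> bool:
    """Parse first, then compare the origin (scheme, host, port) with the allow list.

    Any userinfo ('user:pass@') is rejected outright: a data-source URL has no
    reason to carry credentials, and it is exactly the part a prefix check
    mistakes for the host.
    """
    parts = urlsplit(url)
    if parts.username is not None or parts.password is not None:
        return False
    origin = _origin(url)
    if origin is None:
        return False
    return any(origin == _origin(allowed) for allowed in ALLOWED_URLS)


if __name__ == "__main__":
    # Constructed candidates: one legitimate URL and two that pass a prefix check.
    for candidate in [
        "https://api.example.com/v1/metrics",
        "https://api.example.com@internal.example/admin",       # userinfo before '@'
        "https://api.example.com.other.example/v1/metrics",     # look-alike host
    ]:
        print(f"{candidate}\n  naive={naive_is_allowed(candidate)} "
              f"strict={strict_is_allowed(candidate)}")
```

The strict check also rejects a scheme downgrade (`http://` against an `https://` entry) and accepts harmless variations such as an upper-case host or an explicit `:443`, because it compares the normalized origin rather than the raw text.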

The other flaw exploited the SQLite plugin’s broad filesystem access. Because Grafana ships with a hardcoded default encryption key in its official Docker image, any instance left with that key unchanged could be fully compromised if an attacker gained access to its databases. That access is exactly what the SQLite plugin provides: it can open any SQLite database file the Grafana process can reach, including Grafana’s own database file.

From there, attackers could elevate their own account to admin, pull stored credentials for connected systems, and move laterally into more sensitive environments without tripping alarms.

Flaws addressed, but users must take action

Cycode confirmed to CSO that both flaws have now been addressed. The SQLite plugin now features a deny list, GF_PLUGIN_BLOCK_LIST, to restrict the plugin from accessing specific files, including Grafana’s own database, grafana.db. The Infinity plugin now properly validates allowed URLs, ensuring it can only interact with explicitly permitted endpoints. Users must configure a strict allow list to limit the plugin’s access to only authorized URLs.
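A deny list of this kind only holds up if every spelling of a protected path is caught, not just the literal one. The Python snippet below is an added example, not the SQLite plugin’s code, and it does not reproduce the real format of GF_PLUGIN_BLOCK_LIST, which the article does not show; it simply demonstrates the mechanism such a list needs: canonicalize the requested path (collapsing `..`, `.`, duplicate separators and symlinks) before comparing it with the blocked files. The data directory and file names are constructed for the example.

```python
import os

# Constructed deployment layout for this example: the Grafana data directory
# and the file an operator wants the SQLite plugin never to open.
GRAFANA_DATA_DIR = "/var/lib/grafana"
BLOCKED_FILES = ["grafana.db"]


def naive_is_blocked(requested: str) -> bool:
    """Literal path comparison: missed by '..' segments, repeated slashes or symlinks."""
    blocked_paths = {os.path.join(GRAFANA_DATA_DIR, name) for name in BLOCKED_FILES}
    return requested in blocked_paths


def canonical(path: str) -> str:
    """Resolve '..', '.', duplicate separators and symlinks into one absolute path."""
    return os.path.realpath(path)


def is_blocked(requested: str) -> bool:
    """Deny-list check on the canonical path, so every spelling of a blocked file is caught."""
    target = canonical(requested)
    return any(
        target == canonical(os.path.join(GRAFANA_DATA_DIR, name))
        for name in BLOCKED_FILES
    )


def open_allowed_path(requested: str) -> str:
    """Gate for the plugin's file access: return the canonical path or raise PermissionError."""
    if is_blocked(requested):
        raise PermissionError(f"refusing to open deny-listed file: {requested}")
    return canonical(requested)


if __name__ == "__main__":
    # Constructed requests: the literal path, an indirect spelling of it, and a normal file.
    for requested in [
        "/var/lib/grafana/grafana.db",
        "/var/lib/grafana/plugins/../grafana.db",
        "/var/lib/grafana/data/mydata.db",
    ]:
        print(f"{requested}\n  naive={naive_is_blocked(requested)} canonical={is_blocked(requested)}")
```

The contrast matters for the deployment advice in the article: a deny list is a last line of defence, and it is worth verifying on a test instance that the indirect spellings are actually refused, not only the literal `grafana.db` path.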

Users will, however, remain vulnerable if these additional settings aren’t immediately configured. “It’s difficult to estimate exactly how many Grafana deployments use the default hardcoded encryption key. But in our experience, when a security feature needs to be configured manually, it is usually left unchanged,” noted Pticha.

Only the flaw affecting Infinity received a CVE, while SQLite, a community-maintained plugin, was fixed by its developer, Sergej Herbert. “Both the SQLite plugin maintainer and Grafana Labs were highly responsive and great to work with throughout the disclosure process,” Pticha added.

In an email, Grafana Labs CISO, Joe McManus, shared the following comment:

“Security is a shared responsibility, especially with community-contributed plugins, and we take that responsibility seriously,” he wrote. “As soon as we were made aware of these vulnerabilities, we worked closely with the researchers to validate the findings, develop fixes, and release updated versions. Grafana Cloud users are able to opt in to our managed plugins feature (which has been the default for all new instances since late last year) which automatically keeps plugins up to date, reducing the risk of similar issues. We remain committed to strengthening Grafana’s security posture and ensuring our community and customers have the guidance they need to safeguard their observability environments.”

This is the second time in three months that Grafana has been hit with a critical SSRF flaw; a June 2025 vulnerability exposed 47,000 servers to potential account takeover.

Updated with a statement from Grafana.
