One allowed SSRF, the other revealed sensitive keys
One of the flaws, CVE-2025-8341, lurked in Infinity’s URL allow-list check, which compared the raw URL string against an allowed prefix rather than the host the request would actually reach. By slipping an ‘@’ symbol into a crafted URL, attackers could turn the text before it into URL credentials and point the request elsewhere, tricking Grafana into sending server-side requests (SSRF) to internal endpoints such as cloud metadata services, effectively opening a tunnel into otherwise unreachable infrastructure.
“The Infinity plugin allows users to send HTTP requests to any URL and customize those requests with headers, parameters, and payloads,” the researchers said in a blog post shared with CSO before its publication on Thursday. “Anything before the ‘@’ is treated as credentials (username and password), while everything after it is interpreted as the actual destination host and path. We crafted a URL that begins with an allowed prefix but actually routes to a different destination.”
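The bypass described above comes down to how a URL is checked: a string-prefix match passes, while the host that the HTTP client actually connects to is the part after the ‘@’. The following is an added illustration, not code from Grafana or the Infinity plugin (which is written in Go); the allow-listed prefix, the host set and the sample URLs are constructed for this example, and the cloud metadata address is the usual link-local one.

```python
from urllib.parse import urlsplit

# Constructed allow-list for a hypothetical data source. The vulnerable pattern
# keeps a string prefix; the hardened pattern keeps the hosts it may talk to.
ALLOWED_PREFIX = "https://api.example.com"
ALLOWED_HOSTS = {"api.example.com"}


def prefix_allowed(url: str) -> bool:
    """Vulnerable check: does the raw URL text start with an allowed prefix?

    Anything after a matching prefix is accepted unexamined, so userinfo
    ('prefix@real-host') and look-alike hosts ('prefix.attacker.test') pass.
    """
    return url.startswith(ALLOWED_PREFIX)


def destination_host(url: str) -> str:
    """The host an HTTP client would actually connect to for this URL."""
    return urlsplit(url).hostname or ""


def host_allowed(url: str) -> bool:
    """Hardened check: parse first, then compare the parsed host.

    Userinfo is rejected outright: an allow-listed API URL has no business
    carrying a username, and its presence is the signature of this bypass.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname in ALLOWED_HOSTS


def classify(url: str) -> dict:
    """Side-by-side verdict of both checks plus the real destination."""
    return {
        "url": url,
        "prefix_check": prefix_allowed(url),
        "host_check": host_allowed(url),
        "connects_to": destination_host(url),
    }


if __name__ == "__main__":
    samples = (
        "https://api.example.com/v1/metrics",                       # legitimate
        "https://api.example.com@169.254.169.254/latest/meta-data/",  # '@' bypass
        "https://api.example.com.attacker.test/",                    # look-alike host
    )
    for sample in samples:
        print(classify(sample))
```

The crafted URL `https://api.example.com@169.254.169.254/latest/meta-data/` passes `prefix_allowed` but `urlsplit` reports `api.example.com` as the username and `169.254.169.254` as the hostname, which is where the request goes. Checking the parsed host (and, in a real client, the resolved address as well, since DNS rebinding is the next trick) is the fix; a prefix check can only be made safe by also requiring the prefix to end in a `/` and rejecting userinfo.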
The other flaw stemmed from the SQLite plugin’s broad filesystem access. The plugin can connect to any SQLite database file the Grafana process can reach, including Grafana’s own database, which stores data-source credentials encrypted under the instance’s secret key. Grafana’s official Docker image ships with a hardcoded default for that key, so any instance left with the key unchanged could be fully compromised once an attacker used the plugin to read the database and decrypt those credentials.
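What "any SQLite database file the Grafana process can reach" means in practice, and what the missing control looks like, as an added example that is not Grafana's or the SQLite plugin's own code. The allow-listed directory, the `resolve_db_path` confinement rule and the fixture are assumptions for illustration; the fixture builds a throwaway stand-in for a Grafana install with one fake `data_source` row whose `secure_json_data` is a placeholder string, not real Grafana ciphertext.

```python
import os
import sqlite3
import tempfile


def resolve_db_path(requested: str, allowed_root: str) -> str:
    """Canonicalise `requested` and refuse anything that resolves outside `allowed_root`.

    realpath() follows symlinks and collapses '..', so neither a traversal string,
    an absolute path, nor a symlink planted inside the allowed directory can escape.
    (Hypothetical hardening; the page reports no such confinement in the plugin.)
    """
    root = os.path.realpath(allowed_root)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"refusing {requested!r}: resolves to {candidate}, outside {root}")
    return candidate


def read_data_sources(db_path: str) -> list[tuple[str, str]]:
    """What an unrestricted plugin query can pull out of a Grafana database file."""
    with sqlite3.connect(db_path) as conn:
        return conn.execute(
            "SELECT name, secure_json_data FROM data_source ORDER BY name"
        ).fetchall()


def build_fixture() -> tuple[str, str]:
    """Constructed stand-in for a Grafana install: returns (allowed_root, grafana_db).

    grafana_db sits outside allowed_root, and a symlink to it is planted inside
    allowed_root to show that a naive directory check is not enough.
    """
    base = tempfile.mkdtemp(prefix="grafana-demo-")
    allowed_root = os.path.join(base, "user-dbs")
    os.mkdir(allowed_root)
    grafana_db = os.path.join(base, "grafana.db")
    with sqlite3.connect(grafana_db) as conn:
        conn.execute("CREATE TABLE data_source (name TEXT, secure_json_data TEXT)")
        conn.execute(
            "INSERT INTO data_source VALUES (?, ?)",
            ("prod-postgres", '{"password":"<ciphertext under secret_key>"}'),
        )
    os.symlink(grafana_db, os.path.join(allowed_root, "harmless.db"))
    return allowed_root, grafana_db


def try_open(requested: str, allowed_root: str) -> str:
    """'allowed' or 'blocked' for a user-supplied path under the confinement rule."""
    try:
        resolve_db_path(requested, allowed_root)
        return "allowed"
    except ValueError:
        return "blocked"


if __name__ == "__main__":
    root, real_db = build_fixture()
    print("unrestricted read of grafana.db:", read_data_sources(real_db))
    for req in (real_db, "../grafana.db", "harmless.db", "mine.db"):
        print(f"{req!r}: {try_open(req, root)}")
```

The unrestricted read returns the encrypted credential column directly; whether that is useful to an attacker then depends only on whether `secret_key` is still the shipped default, which is why rotating it and confining file access are both needed. The absolute path, the `..` traversal and the in-directory symlink are all blocked because the comparison happens after `realpath()`, not on the string the user typed.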