CVE-2025-11539 | Grafana grafana-image-renderer up to 4.0.16 /render/csv filePath code injection

A vulnerability was found in Grafana grafana-image-renderer up to 4.0.16. It has been rated as critical. This issue affects some unknown processing of the file /render/csv. Performing manipulation of the argument filePath results in code injection.

This vulnerability is known as CVE-2025-11539. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More