{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "1.0.0"
              },
              {
                "fixed": "4.0.16"
              }
            ],
            "source": [
              "DESCRIPTION",
              "REFERENCES"
            ]
          },
          "events": [
            {
              "introduced": "64b48a44ea58a97c4795f4987c8285c32810fb85"
            },
            {
              "fixed": "3998b13834d08065b507e48ae3af9aadfa85dee9"
            },
            {
              "fixed": "1858c2c51347b23f43b1d288bc9222f16030e3f9"
            }
          ],
          "repo": "https://github.com/grafana/grafana-image-renderer",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "GRAFANA",
    "cwe_ids": [
      "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11539.json"
  },
  "details": "Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process.\n\nInstances are vulnerable if:\n\n1. The default token (\"authToken\") is not changed, or is known to the attacker.\n2. The attacker can reach the image renderer endpoint.\nThis issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.",
  "id": "CVE-2025-11539",
  "modified": "2026-07-15T01:49:19.943026039Z",
  "published": "2025-10-09T07:18:15.819Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11539.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://grafana.com/security/security-advisories/cve-2025-11539/"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11539"
    },
    {
      "type": "FIX",
      "url": "https://github.com/grafana/grafana-image-renderer/releases/tag/v4.0.17"
    }
  ],
  "schema_version": "1.8.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Arbitrary Code Execution in Grafana Image Renderer Plugin"
}