Over a Third of Grafana Instances Exposed to XSS Flaw


Security researchers have urged DevOps teams to patch a high-severity flaw in popular tool Grafana that could be putting them at risk of account takeover attacks.

Ox Security warned on Sunday that CVE-2025-4123 impacts 36% of public-facing Grafana instances – or over 46,000 worldwide – as well as countless Grafana servers not connected to the internet.

Open source analytics and visualization platform Grafana is used by DevOps engineers, sysadmins and developers to help them monitor system performance and infrastructure.

The vulnerability in question, dubbed “the Grafana Ghost,” was discovered and patched back in May. According to a description in the National Vulnerability Database (NVD), it’s a cross-site scripting (XSS) bug caused by combining a client path traversal and open redirect.

“This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work,” it added.
