CVE-2025-3415 – Grafana Alerting DingDing Integration URL Exposed to Viewers in Healthwatch

Article ID: 420461

Updated On:

Products

VMware Tanzu Platform - Cloud Foundry

Issue/Introduction

This article describes CVE-2025-3415, a security vulnerability affecting Grafana deployed through the Healthwatch tile, along with remediation details.

Cause

Grafana is an open-source platform for monitoring and observability. A security vulnerability was identified where the Grafana Alerting DingDing integration was not properly protected, potentially exposing integration URLs to users with Viewer permissions.

Resolution

CVE-2025-3415 is fixed in the following Grafana versions:

  • 10.4.19+security-01
  • 11.2.10+security-01
  • 11.3.7+security-01
  • 11.4.5+security-01
  • 11.5.5+security-01
  • 11.6.2+security-01
  • 12.0.1+security-01

Upgrade to Healthwatch v2.3.4, which contains Grafana v10.4.19+security-01.

For more details, please see the Healthwatch release notes.
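
An added example, not taken from this article or from Grafana or VMware: a Python check that classifies a Grafana version string against the fixed builds listed above. It assumes that later patch or security builds on a listed release line keep the fix, and it reports release lines the article does not list as unknown. The host names in the sample inventory are constructed.

```python
import re

# Fixed builds from the article, keyed by release line (major, minor).
# Value is (patch, security build number), e.g. 10.4.19+security-01 -> (19, 1).
FIXED = {
    (10, 4): (19, 1),
    (11, 2): (10, 1),
    (11, 3): (7, 1),
    (11, 4): (5, 1),
    (11, 5): (5, 1),
    (11, 6): (2, 1),
    (12, 0): (1, 1),
}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\+security-(\d+))?$")


def classify(version: str) -> str:
    """Return 'fixed', 'unpatched' or 'unknown' for a Grafana version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"  # unparsable string: do not guess
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    # A build without a +security-NN suffix sorts below the security build.
    security = int(m.group(4)) if m.group(4) else 0
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unknown"  # release line not listed in the article
    # Assumption: later builds on the same release line keep the fix.
    return "fixed" if (patch, security) >= fixed else "unpatched"


def audit(inventory: dict) -> dict:
    """Map each host to its status, leaving out hosts that carry the fix."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {host: status for host, status in results.items() if status != "fixed"}


if __name__ == "__main__":
    # Constructed sample inventory: host name -> reported Grafana version.
    sample = {
        "healthwatch-a": "v10.4.19+security-01",
        "healthwatch-b": "10.4.18",
        "grafana-lab": "11.6.2",
        "grafana-old": "9.5.2",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual check against the vendor's advisory, since the article gives no fixed build for their release line.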