Grafana Labs Grafana Directory Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2025-59246Azure Entra ID Elevation of Privilege Vulnerability
CVSS 9.8
Potential privilege escalation to admin/root
New critical Microsoft Entra Id privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2025-59218Azure Entra ID Elevation of Privilege Vulnerability
CVSS 9.6
Potential privilege escalation to admin/root
New critical Microsoft Entra Id privilege escalation (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.