Grafana security update: Critical severity security release for CVE-2025-5959, CVE-2025-6554, CVE-2025-6191 and CVE-2025-6192 in Grafana Image Renderer plugin and Synthetic Monitoring Agent

Grafana Labs released critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent to address four severe vulnerabilities (CVE-2025-5959, CVE-2025-6554, CVE-2025-6191, and CVE-2025-6192) found in the Chromium library, which could allow remote code execution. Users of these tools are urged to update to the latest versions, Grafana Image Renderer 3.12.9 and Synthetic Monitoring Agent 0.38.3, to mitigate these risks. The company coordinated with cloud providers, including Azure Managed Grafana, to ensure security across platforms. Using the CVSS 3.1 methodology, the vulnerabilities were rated as critical, though NIST has not yet assigned a score. Grafana Labs provides detailed instructions for updating and encourages users to report any security issues through their established channels, while maintaining a security-focused blog for updates and acknowledgments.