Grafana Labs has released security patches for multiple versions of Grafana, addressing a medium-severity vulnerability identified as CVE-2025-3415, which exposed DingDing contact points in Grafana Alerting. The vulnerability, which was reported through a bug bounty program, could allow users with Viewer permissions to see DingDing contact points in plain text due to a configuration oversight; it received a CVSS 3.0 score of 4.3. The affected versions include Grafana 12.0.1 and earlier, and users are advised to upgrade their instances or remove DingDing configurations to mitigate the risk. The timeline of the incident shows a coordinated response involving early notifications to cloud providers like Amazon Managed Grafana and Azure Managed Grafana, ensuring their services remain secure. Grafana Labs encourages users to report security issues through its dedicated page and emphasizes the importance of non-disclosure until a fix is publicly announced. The company also maintains a security section on its blog for ongoing updates and announcements.