Grafana: Permission Bypass in Grafana Dashboard API Endpoints

In Grafana versions 0alpha1, 1alpha1 and 2alpha1 a high severity vulnerability was detected in the /apis/dashboard.grafana.app/* endpoints across all API versions. This vulnerability allows authenticated and anonymous users with viewer or editor roles to bypass dashboard and folder-level permissions, enabling unrestricted access, modification, and creation of dashboards across all folders, while organization isolation and datasource access remain unaffected. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3260.