Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms.
March 13, 2025 By Ionut Arghire
Grafana path traversal vulnerabilities have been exploited prior to a broad campaign targeting server-side request forgery (SSRF) bugs in multiple popular platforms, threat intelligence firm GreyNoise reports.
As part of the coordinated exploitation of SSRF flaws, which spiked over the weekend, more than 400 IPs were observed targeting Zimbra, GitLab, DotNetNuke, VMware, ColumbiaSoft, Ivanti, BerriAI, and OpenBMCS products.
According to GreyNoise, many of the IPs used to launch the attacks have been targeting multiple SSRF vulnerabilities at the same time, suggesting the use of automation and a potential focus on pre-compromise intelligence gathering.
Most of the attacks have been targeting entities in the US, Germany, India, Japan, and Singapore, but last week GreyNoise observed a focus on Israel and the Netherlands.
