Categories: Cyber Security News

Critical Grafana Vulnerability Lets Attackers Escalate Privileges

Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users.

The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times.

The vulnerability exists in Grafana’s SCIM (System for Cross-domain Identity Management) provisioning feature, which was introduced in April 2025 to help organizations automate user lifecycle management.

The issue affects Grafana Enterprise versions 12.0.0 through 12.2.1 where SCIM provisioning is enabled and configured.

According to Grafana Labs, the vulnerability stems from incorrect handling of user identities. A malicious or compromised SCIM client could provision a user with a numeric externalId, potentially overriding internal user IDs.

Attribute           Details
------------------  ---------------------------------------------------
CVE ID              CVE-2025-41115
Vulnerability Type  Incorrect Privilege Assignment / User Impersonation
CVSS Score          10.0
Severity            Critical
Affected Products   Grafana Enterprise (with SCIM provisioning enabled)
Affected Versions   Grafana Enterprise 12.0.0 to 12.2.1

This could allow attackers to impersonate existing users, including administrators, leading to complete system compromise.
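The provisioning shape described above (a SCIM client supplying a purely numeric externalId) is something a SCIM gateway or reverse proxy in front of the provisioning endpoint can screen for. The following is an added example written for this article, not Grafana Labs' code: it triages one inbound SCIM User body and rejects externalId values that are either a JSON number or an all-digit string. The schema URI is the standard RFC 7643 value; the function name, verdict format and the sample requests are this example's own constructions.

```python
"""Reject SCIM User payloads whose externalId is purely numeric.

Added example for this article, not Grafana's code: a guard a reverse proxy
or SCIM gateway could apply to inbound /Users create or replace requests
before they reach the provisioning endpoint. Names other than the RFC 7643
attributes are this example's own choices.
"""
import json
import re

# SCIM 2.0 core User schema URI, as defined in RFC 7643.
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# externalId must be a string per RFC 7643; an all-digit value is the shape
# the article says could be confused with an internal numeric user ID.
_ALL_DIGITS = re.compile(r"[0-9]+")


def triage_scim_user(body: str) -> dict:
    """Classify one SCIM User body as 'allow' or 'reject' with a reason."""
    try:
        payload = json.loads(body)
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        return {"verdict": "reject", "reason": f"malformed JSON: {exc}"}
    if not isinstance(payload, dict):
        return {"verdict": "reject", "reason": "body is not a JSON object"}
    if SCIM_USER_SCHEMA not in payload.get("schemas", []):
        return {"verdict": "reject", "reason": "missing SCIM core User schema"}

    ext = payload.get("externalId")
    if ext is None:
        # externalId is optional in SCIM; nothing to cross-check here.
        return {"verdict": "allow", "reason": "no externalId supplied"}
    if not isinstance(ext, str):
        # A JSON number here violates the schema and is the clearest red flag.
        return {"verdict": "reject",
                "reason": f"externalId must be a string, got {type(ext).__name__}"}
    if _ALL_DIGITS.fullmatch(ext):
        return {"verdict": "reject",
                "reason": "numeric externalId could be mistaken for an internal user ID"}
    return {"verdict": "allow", "reason": "externalId is an opaque identifier",
            "externalId": ext}


# Constructed sample requests for demonstration (not captured traffic).
BENIGN_REQUEST = json.dumps({
    "schemas": [SCIM_USER_SCHEMA],
    "externalId": "idp-user-4f2c9a",
    "userName": "alice@example.com",
    "active": True,
})
NUMERIC_STRING_REQUEST = json.dumps({
    "schemas": [SCIM_USER_SCHEMA],
    "externalId": "1",
    "userName": "bob@example.com",
    "active": True,
})
NUMERIC_LITERAL_REQUEST = json.dumps({
    "schemas": [SCIM_USER_SCHEMA],
    "externalId": 1,
    "userName": "bob@example.com",
})

if __name__ == "__main__":
    for label, req in [("benign", BENIGN_REQUEST),
                       ("numeric string", NUMERIC_STRING_REQUEST),
                       ("numeric literal", NUMERIC_LITERAL_REQUEST)]:
        print(f"{label:16s} -> {triage_scim_user(req)}")
```

A rejection here should be logged with the calling SCIM client's identity, since the article's threat model is a malicious or compromised client rather than a malformed request from a healthy one; a burst of rejections from a single client is the signal worth alerting on.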

The flaw affects only systems where both the enableSCIM feature flag and the user_sync_enabled configuration option are set to true. This vulnerability does not impact Grafana OSS users.
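Because exposure depends on edition, version and two settings together, a quick local check is useful before deciding whether an upgrade is urgent. The script below is an added example for this article, not Grafana Labs' tooling. It parses a grafana.ini and reports whether all the preconditions the article names hold at once. The section names [feature_toggles] and [auth.scim] are this example's assumption about where enableSCIM and user_sync_enabled live; confirm them against the configuration reference for the deployed version. Note that the article lists 12.2.1 both as the top of the affected range and as a patched release, so the check treats the explicitly named patched versions as fixed and everything else in the range as exposed, which may over-report for point releases the article does not mention.

```python
"""Report whether a Grafana instance matches the preconditions the article
lists for CVE-2025-41115: Enterprise edition, version 12.0.0 through 12.2.1,
the enableSCIM feature flag on, and user_sync_enabled set to true.

Added example, not Grafana Labs' code. The ini section names used here
([feature_toggles] and [auth.scim]) are this example's assumption about where
those two settings live.
"""
import configparser

# Affected range quoted in the article (inclusive).
AFFECTED_MIN = (12, 0, 0)
AFFECTED_MAX = (12, 2, 1)
# Releases the article names as patched; treated as fixed even inside the range.
PATCHED_VERSIONS = {(12, 3, 0), (12, 2, 1), (12, 1, 3), (12, 0, 6)}

_TRUE_WORDS = {"true", "1", "yes", "on"}


def parse_version(version: str) -> tuple:
    """Turn '12.2.1' (optionally 'v'-prefixed or with -pre/+build suffixes) into (12, 2, 1)."""
    core = version.strip().lstrip("v").split("+", 1)[0].split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def _truthy(value: str) -> bool:
    return value.strip().lower() in _TRUE_WORDS


def scim_flag_enabled(cp: configparser.ConfigParser) -> bool:
    """enableSCIM may be set as its own key or listed in the comma-separated 'enable' key."""
    if not cp.has_section("feature_toggles"):
        return False
    if _truthy(cp.get("feature_toggles", "enableSCIM", fallback="false")):
        return True
    listed = cp.get("feature_toggles", "enable", fallback="")
    return "enablescim" in {item.strip().lower() for item in listed.split(",")}


def assess_exposure(ini_text: str, version: str, edition: str) -> dict:
    """Combine edition, version and the two SCIM settings into one verdict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    ver = parse_version(version)
    vulnerable_version = (AFFECTED_MIN <= ver <= AFFECTED_MAX
                          and ver not in PATCHED_VERSIONS)
    flag = scim_flag_enabled(cp)
    sync = _truthy(cp.get("auth.scim", "user_sync_enabled", fallback="false"))
    enterprise = edition.strip().lower() == "enterprise"  # OSS is not affected
    return {
        "enterprise": enterprise,
        "vulnerable_version": vulnerable_version,
        "enableSCIM": flag,
        "user_sync_enabled": sync,
        "exposed": enterprise and vulnerable_version and flag and sync,
    }


# Constructed sample configuration for demonstration, not a real deployment.
SAMPLE_INI = """
[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = true
"""

if __name__ == "__main__":
    for ver in ("12.1.0", "12.2.1", "12.3.0"):
        print(ver, "->", assess_exposure(SAMPLE_INI, ver, "enterprise"))
```

Run it against a copy of the live grafana.ini and the version string from the running binary; a result with "exposed": True means both settings are on and the version is one the article places in the affected range, which is exactly the population the upgrade advice is aimed at.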

Grafana Labs discovered the vulnerability during internal security audits on November 4, 2025, and immediately declared an internal incident.

The company confirmed no exploitation occurred in Grafana Cloud environments and released patches within days.

Organizations running affected versions should upgrade immediately to patched versions, including Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, or 12.0.6.

Grafana Cloud customers and managed service users on Amazon and Azure platforms have already received automatic security updates.
