The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times.
The vulnerability exists in Grafana’s SCIM (System for Cross-domain Identity Management) setup feature, which was introduced in April 2025 to help organizations automate user lifecycle management.
The issue affects Grafana Enterprise versions 12.0.0 through 12.2.1, where SCIM setup is enabled and configured.
According to Grafana Labs, the vulnerability stems from incorrect handling of user identities. A malicious or compromised SCIM client could provision a user with a numeric `externalId`, potentially overriding internal user IDs.
This could allow attackers to impersonate existing users, including administrators, leading to complete system compromise.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-41115 |
| Vulnerability Type | Incorrect Privilege Assignment / User Impersonation |
| CVSS Score | 10.0 |
| Severity | Critical |
| Affected Products | Grafana Enterprise (with SCIM provisioning enabled) |
| Affected Versions | Grafana Enterprise 12.0.0 to 12.2.1 |
The flaw affects only systems where both the `enableSCIM` feature flag and the `user_sync_enabled` configuration option are set to true. This vulnerability does not impact Grafana OSS users.
Grafana Labs discovered the vulnerability during internal security audits on November 4, 2025, and immediately declared an internal incident.
The company confirmed no exploitation occurred in Grafana Cloud environments and released patches within days.
Organizations running affected versions should upgrade immediately to patched versions, including Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, or 12.0.6.
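As an added example (not code from the article or from Grafana Labs), the following Python script combines the two exposure conditions above, the affected version range and the `enableSCIM` plus `user_sync_enabled` settings, into a single pre-upgrade check a defender can run against a copy of `grafana.ini`. The `[feature_toggles]` and `[auth.scim]` section names are assumptions about the config layout; the sample configs are constructed for the demonstration.

```python
import configparser
import re
from typing import Optional, Tuple

# Inclusive affected range as stated in the advisory summary.
AFFECTED_MIN = (12, 0, 0)
AFFECTED_MAX = (12, 2, 1)

# Assumed grafana.ini section names; the article names only the option keys.
FEATURE_TOGGLES_SECTION = "feature_toggles"
SCIM_SECTION = "auth.scim"

# Constructed sample configs: one exposed, one with user sync switched off.
SAMPLE_INI_EXPOSED = """
[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = true
"""
SAMPLE_INI_SAFE = """
[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = false
"""


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from '12.2.0' or 'v12.1.3+security-01'; None if unparseable."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_in_affected_range(version: str) -> bool:
    """True when the version falls inside 12.0.0 .. 12.2.1 (confirm exact build with the vendor advisory)."""
    v = parse_version(version)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX


def scim_sync_enabled(ini_text: str) -> bool:
    """True only when both the enableSCIM toggle and user_sync_enabled are set to true."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    toggle = cfg.getboolean(FEATURE_TOGGLES_SECTION, "enableSCIM", fallback=False)
    sync = cfg.getboolean(SCIM_SECTION, "user_sync_enabled", fallback=False)
    return toggle and sync


def exposed_to_cve_2025_41115(edition: str, version: str, ini_text: str) -> bool:
    """Grafana OSS is not affected; Enterprise needs both the version range and the SCIM config."""
    if edition.lower() != "enterprise":
        return False
    return version_in_affected_range(version) and scim_sync_enabled(ini_text)
```

Run it with the edition, the output of `grafana-server -v`, and the contents of the live config file; a `True` result means the instance should be upgraded before SCIM provisioning is trusted.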
Grafana Cloud customers and managed service users on Amazon and Azure platforms have already received automatic security updates.
The post Critical Grafana Vulnerability Let Attackers Escalate Privilege appeared first on Cyber Security News.