Grafana Labs has disclosed a vital safety vulnerability affecting Grafana Enterprise that would permit attackers to escalate privileges and impersonate customers.
The flaw, tracked as CVE-2025-41115, has acquired the utmost CVSS rating of 10.0, making it one of the crucial extreme vulnerabilities found in current occasions.
The vulnerability exists in Grafana’s SCIM (System for Cross-domain Id Administration) setup characteristic, which was launched in April 2025 to assist organizations automate consumer lifecycle administration.
The problem impacts Grafana Enterprise variations 12.0.0 by way of 12.2.1, the place SCIM setup is enabled and configured.
In accordance with Grafana Labs, the vulnerability stems from incorrect dealing with of consumer identities. A malicious or compromised SCIM shopper may provision a consumer with a numeric externalId, probably overriding inner consumer IDs.
AttributeDetailsCVE IDCVE-2025-41115Vulnerability TypeIncorrect Privilege Task / Person ImpersonationCVSS Score10.0SeverityCriticalAffected ProductsGrafana Enterprise (with SCIM provisioning enabled)Affected VersionsGrafana Enterprise 12.0.0 to 12.2.1
This might permit attackers to impersonate current customers, together with directors, main to finish system compromise.
The flaw impacts solely programs the place each the enableSCIM characteristic flag and the user_sync_enabled configuration choice are set to true. This vulnerability doesn’t influence Grafana OSS customers.
Grafana Labs found the vulnerability throughout inner safety audits on November 4, 2025, and instantly declared an inner incident.
The corporate confirmed no exploitation occurred in Grafana Cloud environments and launched patches inside days.
Organizations working affected variations ought to improve instantly to patched variations, together with Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, or 12.0.6.
Grafana Cloud clients and managed service customers on Amazon and Azure platforms have already acquired automated safety updates.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.
