AI description
CVE-2025-41115 is a vulnerability in Grafana Enterprise and Grafana Cloud versions 12.x where SCIM provisioning is enabled. The vulnerability lies in user identity handling, where a malicious or compromised SCIM client can provision a user with a numeric externalId. This can lead to overriding internal user IDs. This flaw can allow for user impersonation or privilege escalation. The vulnerability is triggered only when the `enableSCIM` feature flag is set to true and the `user_sync_enabled` config option in the `[auth.scim]` block is set to true.
- Description
- SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow internal user IDs to be overridden and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met:
  - the `enableSCIM` feature flag is set to true
  - the `user_sync_enabled` config option in the `[auth.scim]` block is set to true
- Source
- security@grafana.com
- NVD status
- Awaiting Analysis
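A configuration audit for the two preconditions in the description above, as an added example that is not part of the CVE record or Grafana's own code. It assumes Grafana's `[feature_toggles]` section (toggles given either as an `enable = ...` list or as `name = true`) and the `GF_<SECTION>_<KEY>` environment override convention; the sample configs are constructed, and the check does not look at the installed version.

```python
import configparser
import re

TRUE_VALUES = {"1", "t", "true", "y", "yes", "on"}

# Constructed sample configs (not taken from any real deployment).
SAMPLE_EXPOSED = """\
app_mode = production
[feature_toggles]
enable = someOtherToggle, enableSCIM
[auth.scim]
user_sync_enabled = true
"""
SAMPLE_FLAG_ONLY = """\
[feature_toggles]
enableSCIM = true
[auth.scim]
; user_sync_enabled = true
"""


def scim_preconditions(ini_text, env=None):
    """Report whether both preconditions named in the description are set."""
    env = env or {}
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini may carry keys before the first section header.
    cp.read_string("[__top__]\n" + ini_text)

    # Toggles are accepted as a list (`enable = a, b`) or as `name = true`.
    # Names are compared case-insensitively so the audit errs towards flagging.
    enable = env.get("GF_FEATURE_TOGGLES_ENABLE",
                     cp.get("feature_toggles", "enable", fallback=""))
    listed = {t.lower() for t in re.split(r"[,\s]+", enable) if t}
    single = cp.get("feature_toggles", "enableSCIM", fallback="")
    flag_on = "enablescim" in listed or single.strip().lower() in TRUE_VALUES

    sync = env.get("GF_AUTH_SCIM_USER_SYNC_ENABLED",
                   cp.get("auth.scim", "user_sync_enabled", fallback="false"))
    sync_on = sync.strip().lower() in TRUE_VALUES

    return {"enableSCIM": flag_on, "user_sync_enabled": sync_on,
            "both_met": flag_on and sync_on}


if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("flag only", SAMPLE_FLAG_ONLY)):
        print(name, scim_preconditions(text))
```

Pass the service's environment as `env` so that overrides set outside `grafana.ini` are counted.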
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-266
- Hype score
- Not currently trending
🚨 Grafana [—] Dec 01, 2025 Product Security Advisory Regarding CVE-2025-41115 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #CyberSecurity #Innovation #LLM #CyberSecurityWarning https://t.co/4PGPHapFDe
@transilienceai
1 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Grafana Enterprise [—] Nov 27, 2025 Product security advisory report focusing on CVE-2025-41115 and related security measures. Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #LLM https://t.co/CEYQTBbSsa
@transilienceai
27 Nov 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerability in Grafana products ❗CVE-2025-41115 ➡️More info: https://t.co/2A0yQHkAr1 https://t.co/cmTMIyuFXN
@CERTpy
25 Nov 2025
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-41115 – Grafana SCIM Config Enables Privilege Escalation Critical flaw in Grafana Cloud's SCIM provisioning lets attackers promote themselves to Admin using specially crafted API requests. What's brutal: SCIM is meant to automate user management securely—but th
@the_c_protocol
25 Nov 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana Labs warns of a critical vulnerability, CVE-2025-41115, in its Enterprise product. It allows attackers to impersonate administrators. It is important to
@cybereye_ru
25 Nov 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana Labs has reported a high-severity security issue named CVE-2025-41115. ئەم کێشەیە نیشانی دابینکردنی بەھەشتەی ئیشکراوی نوسینەک
@CaveSiberKurdi
25 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana Labs has issued a warning about a high-severity security risk named CVE-2025-41115 that could allow attackers to spoof administrators' identities. This vulnerability results from
@Cyber_Sonar
25 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana Labs has issued an alert about a high-severity security vulnerability, known as CVE-2025-41115, affecting its Enterprise product. This vulnerability could allow attackers to impersonate
@Cybereayn
25 Nov 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Shai-Hulud’s second wave steals npm credentials from 25,000+ repos, ShadowPad exploits WSUS flaws, Grafana SCIM allows privilege escalation (CVE-2025-41115). Harvard, Mazda breached; Moscow postal outage impacts Ukraine. #ShadowPad #WindowsRisks https://t.co/xzMfGRo3z4
@TweetThreatNews
25 Nov 2025
334 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. https://t.co/q0fo8pbkgT https://
@riskigy
24 Nov 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana flags critical SCIM vulnerability CVE-2025-41115 allowing attackers to impersonate admins via misaligned externalId and SAML identifiers in Enterprise & Cloud plans. #GrafanaLabs #SCIMFlaw #SAMLIntegration https://t.co/jy38VpMOhX
@TweetThreatNews
24 Nov 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana fixes a critical vulnerability that allowed impersonating an administrator. Grafana Labs developers have warned of the critical vulnerability CVE-2025-41115
@XakepRU
24 Nov 2025
1168 Impressions
4 Retweets
5 Likes
4 Bookmarks
0 Replies
0 Quotes
Grafana warns of max severity admin spoofing vulnerability 🔥🕵️♂️ Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation! https:/
@SSuiteSoftware
24 Nov 2025
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Grafana patched a severe SCIM flaw (CVE-2025-41115, CVSS 10.0) in versions 12.0.0 to 12.2.1 Enterprise that allowed attackers to impersonate users or escalate privileges if SCIM was enabled. https://t.co/O9PBtXSO7I
@WalkureARCH
23 Nov 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Grafana has released security updates to address a maximum severity security flaw allowing privilege escalation or user impersonation under certain configurations. CVE-2025-41115 has a CVSS score of 10.0! #Grafana #SecurityFlaw #CVE 🔒 Source: https://t.co/mlYLcZ7vjM
@JamaalChalid
23 Nov 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana issues max-severity alert (CVE-2025-41115). A flaw in Grafana Enterprise can let attackers spoof new users as admins or escalate privileges. Patch immediately. More: https://t.co/1t9LpAeFa3
@Ind_Cyber_News
23 Nov 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana just patched a CVSS 10.0 vulnerability. Maximum severity. SCIM component lets attackers impersonate any user and escalate privileges. CVE-2025-41115. Affects Enterprise versions 12.0-12.2.1. Patch immediately. https://t.co/k7Bgre9az5
@billbisthere
22 Nov 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana has released security updates intended to fix a maximum-severity security vulnerability that could lead to privilege escalation
@marketkot
22 Nov 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👉 @grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) that could enable impersonation or privilege escalation when SCIM + user sync are enabled. Issue: numeric externalId values could override internal user IDs. Patched in latest enterprise builds. 💬 Thoughts? Follow
@TechNadu
22 Nov 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 Grafana SCIM Gets Perfect CVSS 10.0 Privilege Escalation (CVE-2025-41115) Grafana Enterprise shipped with a flaw in SCIM user provisioning that scores a perfect 10.0. What's nasty: attackers with basic SCIM access can escalate to Organization Admin by manipulating role
@the_c_protocol
22 Nov 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. https://t.co/58rUkX9iQQ
@cyberkilllist
22 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 𝐇𝐨𝐭 𝐨𝐟𝐟 𝐭𝐡𝐞 𝐩𝐫𝐞𝐬𝐬: 𝐂𝐕𝐄 𝐢𝐧𝐬𝐢𝐠𝐡𝐭𝐬! Urgent patch alert: CVE-2025-41115 flaw in Grafana SCIM can let attackers impersonate admin users. Learn how to fix it fast. 👉 Dive into the full analysis → http
@PurpleOps_io
22 Nov 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Vulnerability in Grafana with (SCIM) ⚠️ CVE-2025-41115, System for Cross-domain Identity Management (SCIM) https://t.co/dl2B58Wqno https://t.co/dQJJOOkFoe
@elhackernet
22 Nov 2025
3935 Impressions
7 Retweets
24 Likes
7 Bookmarks
0 Replies
0 Quotes
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. #cybersecurity https://t.co/RjRvpU711Y
@cybertzar
22 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Grafana has patched a critical flaw (CVE-2025-41115) in Grafana Enterprise 💻. Users & admins should update immediately 🔒. 🔗 https://t.co/e2uVVAtqIv https://t.co/pAx0lS4P99
@CSAsingapore
22 Nov 2025
142 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Grafana Alert 🚨 Grafana Enterprise has a max severity vulnerability (CVE-2025-41115). If SCIM is enabled, new users can automatically become admins. Action: Update Grafana Enterprise immediately to fix this privilege escalation flaw. #CyberSecurity #InfoSec #Gra
@sectoriumx
22 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
21/11/2025 Grafana has patched a critical CVE-2025-41115 SCIM flaw with a CVSS score of 10.0! 🚨 This vulnerability enables user impersonation and privilege escalation. Update now to secure your systems! Source: https://t.co/IJQd9rJaxB
@kernyx64
22 Nov 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Max Severity Flaw CVE-2025-41115 Allows Grafana Admin Spoofing. https://t.co/3PMP1HCyBe
@CyberSecuriUS
22 Nov 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical CVE-2025-41115 in Grafana Enterprise 12.0.0! SCIM provisioning flaw allows user impersonation & privilege escalation. Disable SCIM configs & patch ASAP. Details: https://t.co/SFqVDyh5yP #OffSeq #Gra... https://t.co/BSnlcuaTyc
@offseq
22 Nov 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. The issue is only exploitable when SCIM (System for Cross-domain Identity Management)
@NSIguy
22 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Grafana SCIM CVE-2025-41115 is a CVSS 10 in Enterprise 12.0.0-12.2.1, lets SCIM clients create admin-level users. If SCIM is on, patch now and audit who got provisioned lately. #Vuln https://t.co/ekeCdrewVc
@threatcluster
21 Nov 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical alert for Grafana Enterprise users: A maximum severity vulnerability (CVE-2025-41115) allows full admin takeover via SCIM. Patch immediately if you're on versions 12.0.0-12.2.1. https://t.co/WwR5X8GhIk
@RedTeamNewsBlog
21 Nov 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-41115: Grafana Privilege Escalation and User Impersonation CVSS: 10 PoC: https://t.co/r2OVfTEpg1 Advisory: https://t.co/PSKnByRb28 Timeline: 2025-11-04 - Issue discovered internally 2025-11-04 - Incident declared 2025-11-05 - Cloud vendors privately notified &
@DarkWebInformer
21 Nov 2025
4808 Impressions
7 Retweets
21 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-41115: Privilege Escalation and User Impersonation CVSS: 10 PoC: https://t.co/r2OVfTEpg1 Advisory: https://t.co/PSKnByRb28 Timeline: 2025-11-04 - Issue discovered internally 2025-11-04 - Incident declared 2025-11-05 - Cloud vendors privately notified & patch
@DarkWebInformer
21 Nov 2025
257 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🟥 CVE-2025-41115, CVSS: 10.0 (#Critical) Grafana version 12.x, Grafana. A critical vulnerability in SCIM provisioning. A malicious SCIM client can provision a user with a numeric externalId, potentially allowing user ID overrides, leading to impersonation or privilege https
@UjlakiMarci
21 Nov 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-41115 SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automa… https://t.co/pJLF9rU7Lg
@CVEnew
21 Nov 2025
297 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-41115 (CVSS 10) – Grafana Privilege Escalation Grafana 12.x with SCIM enabled is vulnerable: a malicious SCIM client can create users with numeric externalIds, risking ID override and full privilege escalation. Search by vul.cve Filter👉vul.cve="CVE-2025-411
@zoomeye_team
21 Nov 2025
8976 Impressions
33 Retweets
105 Likes
59 Bookmarks
3 Replies
0 Quotes
🚨 Along with the release of Grafana Enterprise 12.3, we've released updated versions of Grafana Enterprise 12.2.1, 12.1.3 and 12.0.6 — all of which contain a critical severity security fix for CVE-2025-41115. https://t.co/VeEoVph0ZL
@grafana
20 Nov 2025
1490 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes