Critical Vulnerability Affecting Grafana Enterprise
22 November 2025
Grafana has released security updates to address a critical vulnerability (CVE-2025-41115) in Grafana Enterprise. Users and administrators of affected product versions are advised to update to the latest version immediately.
Background:
Grafana has released security updates to address a critical vulnerability (CVE-2025-41115) in Grafana Enterprise. The vulnerability resides in the System for Cross-domain Identity Management (SCIM) component, which supports automated user provisioning and management. It carries the maximum Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.
Impact:
If SCIM provisioning is enabled and configured, successful exploitation of the vulnerability could allow a malicious or compromised SCIM client to provision a user whose numeric external ID overrides an internal Grafana user ID, resulting in impersonation or privilege escalation.
Affected Products:
The vulnerability impacts Grafana Enterprise running on the following versions:
Grafana Enterprise 12.0.0 to 12.2.1
The vulnerability only exists if both of the following conditions are met:
The enableSCIM feature flag is set to true
The user_sync_enabled config option in the [auth.scim] block is set to true
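The following script is an added example (not from Grafana or the advisory) that checks a grafana.ini file and a version string against the three preconditions above: affected version range, the enableSCIM feature toggle, and user_sync_enabled in [auth.scim]. It assumes the feature toggle is set in the [feature_toggles] section, either in the comma-separated "enable" list or as a per-flag key; the sample ini text is constructed.

```python
"""Check whether a Grafana Enterprise instance matches the CVE-2025-41115 preconditions."""
import configparser

# Constructed sample grafana.ini, not taken from any real deployment.
SAMPLE_INI = """
[feature_toggles]
enable = publicDashboards,enableSCIM

[auth.scim]
user_sync_enabled = true
"""

# Affected range stated in the advisory: Grafana Enterprise 12.0.0 to 12.2.1.
AFFECTED_MIN = (12, 0, 0)
AFFECTED_MAX = (12, 2, 1)


def parse_version(v: str) -> tuple:
    """'12.2.1' -> (12, 2, 1); drops suffixes such as '-security-01' or '+build'."""
    core = v.split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))


def version_affected(v: str) -> bool:
    return AFFECTED_MIN <= parse_version(v) <= AFFECTED_MAX


def scim_feature_enabled(cfg: configparser.ConfigParser) -> bool:
    """True if enableSCIM is on via the 'enable' list or a per-flag key (assumed layouts)."""
    if not cfg.has_section("feature_toggles"):
        return False
    listed = {f.strip() for f in cfg.get("feature_toggles", "enable", fallback="").split(",")}
    if "enableSCIM" in listed:
        return True
    return cfg.getboolean("feature_toggles", "enableSCIM", fallback=False)


def user_sync_enabled(cfg: configparser.ConfigParser) -> bool:
    return cfg.getboolean("auth.scim", "user_sync_enabled", fallback=False)


def is_vulnerable(ini_text: str, version: str) -> bool:
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep key case so 'enableSCIM' is matched exactly
    cfg.read_string(ini_text)
    return version_affected(version) and scim_feature_enabled(cfg) and user_sync_enabled(cfg)


if __name__ == "__main__":
    print("vulnerable" if is_vulnerable(SAMPLE_INI, "12.2.1") else "not vulnerable")
```

Run it against the real grafana.ini and the output of `grafana server -v` to confirm that all three conditions hold before treating an instance as exposed.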
Mitigation:
Users and administrators of affected product versions are advised to update to the latest version immediately.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-41115
https://grafana.com/security/security-advisories/cve-2025-41115/
https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html
