CVE-2025-41115
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-11-21
Assigner: Grafana Labs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| grafana | grafana | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Grafana Enterprise and Grafana Cloud versions 12.x when SCIM provisioning is enabled and configured. It allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which can override internal user IDs. This can lead to user impersonation or privilege escalation within the system.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to impersonate other users or escalate their privileges within Grafana. This could lead to unauthorized access to sensitive data, modification of configurations, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately disable the SCIM provisioning feature, either by setting the 'enableSCIM' feature flag to false or by disabling 'user_sync_enabled' in the '[auth.scim]' configuration block. This prevents the vulnerability from being exploitable until a patch or update is applied.
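As an added defender's check (not BaseFortify's or Grafana's own code), this Python script parses a grafana.ini-style fragment for the two settings named above and scans SCIM user records for the purely numeric externalId values the advisory describes. The ini text and SCIM records are constructed samples; placing enableSCIM under a [feature_toggles] section is an assumption.

```python
import configparser
import io
import json
import re

# Constructed grafana.ini fragment (sample values, not from a real deployment).
# The [feature_toggles] placement of enableSCIM is an assumption.
GRAFANA_INI = """
[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = true
"""

# Constructed SCIM 2.0 user resources in RFC 7643 shape, as a client might send them.
SCIM_USERS = json.dumps([
    {"userName": "alice@example.com", "externalId": "a1b2c3d4-0000-4000-8000-000000000001"},
    {"userName": "mallory@example.com", "externalId": "1"},
])


def _load(ini_text: str) -> configparser.ConfigParser:
    cfg = configparser.ConfigParser()
    cfg.optionxform = str  # keep key case so enableSCIM round-trips unchanged
    cfg.read_string(ini_text)
    return cfg


def scim_sync_enabled(ini_text: str) -> bool:
    """True when both the feature toggle and user sync are on, i.e. the exposed configuration."""
    cfg = _load(ini_text)
    toggle = cfg.getboolean("feature_toggles", "enableSCIM", fallback=False)
    sync = cfg.getboolean("auth.scim", "user_sync_enabled", fallback=False)
    return toggle and sync


def numeric_external_ids(scim_json: str) -> list[str]:
    """userNames whose externalId is all digits: the values that can collide with internal user IDs."""
    return [u["userName"] for u in json.loads(scim_json)
            if re.fullmatch(r"\d+", str(u.get("externalId", "")))]


def harden(ini_text: str) -> str:
    """Return the mitigated configuration with both settings forced to false."""
    cfg = _load(ini_text)
    for section, key in (("feature_toggles", "enableSCIM"), ("auth.scim", "user_sync_enabled")):
        if not cfg.has_section(section):
            cfg.add_section(section)
        cfg.set(section, key, "false")
    buf = io.StringIO()
    cfg.write(buf)
    return buf.getvalue()
```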