CVE-2025-41115
Incorrect privilege assignment
Description
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow internal user IDs to be overridden and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met:
- `enableSCIM` feature flag set to true
- `user_sync_enabled` config option in the `[auth.scim]` block set to true
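The two preconditions above are both plain configuration settings, so an instance can be triaged from its grafana.ini before any upgrade work. The script below is an added example, not Grafana's own code or anything from the advisory: it parses a grafana.ini text with the standard library and reports whether a 12.x instance meets both conditions. It assumes the feature flag lives under `[feature_toggles]`, which Grafana accepts either as a comma-separated `enable =` list or as `flagName = true`; the sample configuration fragments are constructed for the example.

```python
import configparser

# Constructed grafana.ini fragments for the example (not taken from the advisory).
# The first matches both preconditions listed in the description; the second has
# SCIM turned off, which is the "disable SCIM if not actively used" mitigation.
VULNERABLE_INI = """
[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = true
"""

HARDENED_INI = """
[feature_toggles]
enableSCIM = false

[auth.scim]
user_sync_enabled = false
"""

# Values Grafana's ini loader treats as "on" (assumption for this example).
TRUTHY = {"true", "1", "yes", "on"}


def _truthy(value):
    return value is not None and value.strip().lower() in TRUTHY


def feature_flag_enabled(cfg, flag):
    """Check a feature toggle in either form Grafana accepts under [feature_toggles]:
    `enable = flagA,flagB` or `flagName = true`."""
    if not cfg.has_section("feature_toggles"):
        return False
    enabled_list = cfg.get("feature_toggles", "enable", fallback="")
    if flag in {f.strip() for f in enabled_list.split(",") if f.strip()}:
        return True
    return _truthy(cfg.get("feature_toggles", flag, fallback=None))


def scim_preconditions_met(ini_text, version):
    """Return True only when the instance is 12.x AND enableSCIM is on AND
    [auth.scim] user_sync_enabled is on, i.e. all conditions from the advisory hold."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep the case of flag names such as enableSCIM
    cfg.read_string(ini_text)
    in_affected_range = version.split(".")[0] == "12"
    scim_on = feature_flag_enabled(cfg, "enableSCIM")
    sync_on = _truthy(cfg.get("auth.scim", "user_sync_enabled", fallback=None))
    return in_affected_range and scim_on and sync_on


if __name__ == "__main__":
    for label, ini in (("vulnerable sample", VULNERABLE_INI), ("hardened sample", HARDENED_INI)):
        status = "preconditions MET" if scim_preconditions_met(ini, "12.1.0") else "not exposed by config"
        print(f"{label}: {status}")
```

Run it against the real grafana.ini (and the version string from the instance) to decide whether the upgrade is urgent or whether the instance is already outside the affected configuration; a negative result from the hardened sample shows what the config should look like if SCIM is not in use.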
INFO
Published Date :
Nov. 21, 2025, 2:25 p.m.
Last Modified :
Nov. 21, 2025, 2:25 p.m.
Remotely Exploit :
No
Source :
GRAFANA
Affected Products
The following products are affected by the CVE-2025-41115 vulnerability.
Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet
Solution
- Upgrade Grafana to a patched version.
- Ensure SCIM provisioning is securely configured.
- Disable SCIM if not actively used.