Grafana Releases Critical Security Update to Patch CVE-2025-41115



Grafana has released an important security update to fix a critical vulnerability that could allow attackers to escalate privileges or even take over user accounts. Because of the high severity, the company strongly recommends all administrators apply the update immediately.

CVE-2025-41115: A Critical Vulnerability With CVSS 10.0

The vulnerability is tracked as CVE-2025-41115 and carries a CVSS score of 10.0, the highest possible rating in the risk scoring system.

Root Cause: SCIM Module

The issue originates from the System for Cross-domain Identity Management (SCIM) module. This feature is used to automatically manage and synchronize user accounts. SCIM was introduced in April 2025 and is still in public preview.

Grafana explains that the vulnerability is reachable only when SCIM is enabled. Under certain conditions, a malicious SCIM client can provision a user account whose externalId value is a number; that value overrides an internal identity, so the attacker assumes the privileges of another, existing user.

Conditions Required for Exploitation

The vulnerability can only be exploited if both of the following configuration settings are enabled:

  • enableSCIM = true
  • user_sync_enabled = true in the [auth.scim] block

If either setting is disabled, the attack cannot be carried out.

Affected Grafana Versions

This flaw affects Grafana Enterprise versions:

  • 12.0.0 to 12.2.1

Patched Versions

Grafana has released fixes in the following versions:

  • 12.0.6+security-01
  • 12.1.3+security-01
  • 12.2.1+security-01
  • 12.3.0

Internally Discovered Vulnerability

Grafana discovered the issue on November 4, 2025, during an internal security audit. Due to the extremely high risk, users are urged to update their installations without delay.

Recommended Actions

To prevent misuse, administrators should:

  • Check their running Grafana Enterprise version
  • Update immediately if they are using an affected version
  • Review SCIM configuration settings
  • Ensure administrator accounts are secure and monitored
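The two-setting precondition and the version check above can be combined into one triage step. The following is an added example written for this summary, not code from Grafana or from the advisory; it assumes the enableSCIM toggle is read from a [feature_toggles] section of grafana.ini (the advisory names the key but not its section), and the sample configuration texts are constructed for illustration.

```python
import configparser
from typing import Dict

# Version facts as stated above: Grafana Enterprise 12.0.0 through 12.2.1
# is affected, and these four builds carry the fix.
AFFECTED_LOW, AFFECTED_HIGH = (12, 0, 0), (12, 2, 1)
PATCHED = {"12.0.6+security-01", "12.1.3+security-01",
           "12.2.1+security-01", "12.3.0"}


def parse_version(version: str) -> tuple:
    """Turn '12.2.1+security-01' into (12, 2, 1); build metadata is dropped."""
    base = version.split("+", 1)[0]
    return tuple(int(part) for part in base.split("."))


def version_affected(version: str) -> bool:
    """True when the version lies in the affected range and is not a fixed build."""
    if version in PATCHED:
        return False
    return AFFECTED_LOW <= parse_version(version) <= AFFECTED_HIGH


def scim_exposure(ini_text: str) -> Dict[str, bool]:
    """Read the two SCIM settings from grafana.ini text.

    Assumption: enableSCIM lives under [feature_toggles]; user_sync_enabled
    is read from [auth.scim] as the advisory states."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    return {
        "enableSCIM": cfg.getboolean("feature_toggles", "enableSCIM", fallback=False),
        "user_sync_enabled": cfg.getboolean("auth.scim", "user_sync_enabled", fallback=False),
    }


def assess(version: str, ini_text: str) -> Dict[str, bool]:
    """Exploitation needs vulnerable code AND both settings switched on."""
    flags = scim_exposure(ini_text)
    flags["affected_version"] = version_affected(version)
    flags["exposed"] = (flags["affected_version"]
                        and flags["enableSCIM"] and flags["user_sync_enabled"])
    return flags


# Constructed samples: the risky combination and a mitigated interim config.
RISKY_INI = "[feature_toggles]\nenableSCIM = true\n\n[auth.scim]\nuser_sync_enabled = true\n"
MITIGATED_INI = ("[feature_toggles]\nenableSCIM = true\n\n[auth.scim]\n"
                 "; user sync off until the patched build is deployed\n"
                 "user_sync_enabled = false\n")

if __name__ == "__main__":
    for ver in ("12.2.1", "12.2.1+security-01", "12.3.0"):
        print(ver, assess(ver, RISKY_INI))
```

Feed it the version string from a running instance and the instance's grafana.ini; only the combination of an affected version with both settings true reports exposed, which matches the advisory's preconditions.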



Source: https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html