Critical Grafana Vulnerability Let Attackers Escalate Privilege

Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users.
The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times.
The vulnerability exists in Grafana’s SCIM (System for Cross-domain Identity Management) setup feature, which was introduced in April 2025 to help organizations automate user lifecycle management.
The issue affects Grafana Enterprise versions 12.0.0 through 12.2.1, where SCIM setup is enabled and configured.
According to Grafana Labs, the vulnerability stems from incorrect handling of user identities. A malicious or compromised SCIM client could provision a user with a numeric externalId, potentially overriding internal user IDs.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-41115 |
| Vulnerability Type | Incorrect Privilege Assignment / User Impersonation |
| CVSS Score | 10.0 |
| Severity | Critical |
| Affected Products | Grafana Enterprise (with SCIM provisioning enabled) |
| Affected Versions | Grafana Enterprise 12.0.0 to 12.2.1 |
This could allow attackers to impersonate existing users, including administrators, leading to complete system compromise.
The flaw affects only systems where both the enableSCIM feature flag and the user_sync_enabled configuration option are set to true. This vulnerability does not impact Grafana OSS users.
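The exposure conditions above (an affected version, the enableSCIM feature flag, and user_sync_enabled both on) and the described trigger (a numeric externalId that can collide with an internal user ID) can be turned into a quick self-audit. The following is an added example, not Grafana Labs code: it reads a grafana.ini-style config, tests the version against the 12.0.0 to 12.2.1 range, and flags SCIM user resources whose externalId is purely numeric so they can be reviewed before or after provisioning. The `[auth.scim]` section name and the sample config and SCIM payloads are assumptions constructed for the example; adjust them to your deployment's actual layout.

```python
"""Self-audit helpers for the Grafana Enterprise SCIM issue (CVE-2025-41115).

Added example, not Grafana Labs code. The [auth.scim] section name and the
sample data below are constructed assumptions for illustration.
"""
import configparser
import re

# Affected range as stated in the advisory: 12.0.0 through 12.2.1 (inclusive).
AFFECTED_MIN = (12, 0, 0)
AFFECTED_MAX = (12, 2, 1)

# Constructed sample configs (assumed layout): vulnerable vs. SCIM sync disabled.
VULNERABLE_INI = """
[feature_toggles]
enable = enableSCIM

[auth.scim]
user_sync_enabled = true
"""

SAFE_INI = """
[feature_toggles]
enable = enableSCIM

[auth.scim]
user_sync_enabled = false
"""

# Constructed sample SCIM user resources (RFC 7643 shape); one has a numeric externalId.
SCIM_USERS = [
    {"userName": "alice@example.test", "externalId": "a1b2c3-uuid-like"},
    {"userName": "bob@example.test", "externalId": "42"},
    {"userName": "carol@example.test"},  # no externalId at all
]


def parse_version(version: str) -> tuple:
    """Return the numeric X.Y.Z core of a version string as a tuple.

    Any suffix after the numeric core is ignored, so compare patched builds
    against the exact version string your vendor lists, not just this tuple.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_in_affected_range(version: str) -> bool:
    """True if the version's numeric core lies in 12.0.0..12.2.1."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def scim_sync_enabled(ini_text: str) -> bool:
    """True only when BOTH the enableSCIM toggle and user_sync_enabled are on."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    # Feature toggles may be listed in `enable = a,b,c` or as `enableSCIM = true`.
    listed = [t.strip() for t in cfg.get("feature_toggles", "enable", fallback="").split(",")]
    flag_on = "enableSCIM" in listed or cfg.getboolean(
        "feature_toggles", "enableSCIM", fallback=False
    )
    # Section name [auth.scim] is an assumption about the config layout.
    sync_on = cfg.getboolean("auth.scim", "user_sync_enabled", fallback=False)
    return flag_on and sync_on


def is_exposed(version: str, ini_text: str) -> bool:
    """Combine the version check and the configuration check."""
    return version_in_affected_range(version) and scim_sync_enabled(ini_text)


def suspicious_external_ids(users: list) -> list:
    """Return externalId values that are purely numeric.

    A numeric externalId is the pattern the advisory describes as able to
    override an internal user ID, so these resources deserve manual review.
    """
    return [
        u["externalId"]
        for u in users
        if isinstance(u.get("externalId"), str) and re.fullmatch(r"\d+", u["externalId"])
    ]


if __name__ == "__main__":
    for ver in ("12.1.3", "12.3.0"):
        print(ver, "exposed:", is_exposed(ver, VULNERABLE_INI))
    print("numeric externalIds:", suspicious_external_ids(SCIM_USERS))
```

Run it against a copy of the real grafana.ini and a dump of the SCIM users your identity provider has pushed; a non-empty list from `suspicious_external_ids` on an exposed instance is the case to investigate first.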
Grafana Labs discovered the vulnerability during internal security audits on November 4, 2025, and immediately declared an internal incident.
The company confirmed no exploitation occurred in Grafana Cloud environments and released patches within days.
Organizations running affected versions should upgrade immediately to patched versions, including Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, or 12.0.6.
Grafana Cloud customers and managed service users on Amazon and Azure platforms have already received automatic security updates.
Joe McManus, CISO, Grafana Labs, stated to Cybersecurity News, “At Grafana Labs, the security of our customers and their data is paramount. As soon as we identified this SCIM-related vulnerability affecting certain configurations in use by Grafana Enterprise and Grafana Cloud Pro, our teams acted immediately to investigate, develop, and test a fix. Grafana Labs customers received patched versions in advance, and the appropriate protections have already been applied.”
“We also worked closely under embargo with all cloud providers licensed to offer Grafana Cloud Pro to ensure their environments were secured ahead of today’s disclosure. It’s important to note that Grafana OSS users are not affected by this issue. We strongly encourage any affected customers to upgrade to the latest patched release as soon as possible. We remain committed to transparency and to continuously improving the security of the Grafana platform.”