CVE-2025-41115: Incorrect Privilege Assignment in Grafana Enterprise

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.0% (top 87.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 21, 2025; latest update Nov 26, 2025

Description

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow it to override internal user IDs and lead to impersonation or privil
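The core of the issue described above is that a SCIM externalId, which is supposed to be an opaque identity-provider handle, has the same shape as Grafana's internal integer user ID when it is purely numeric. The following is an added illustrative example, not Grafana's code or its fix: a SCIM User payload validator that refuses integer-literal externalIds, and a directory that keeps the internal ID index and the externalId index separate so a provisioning request can never be resolved through the numeric ID space. The SCIM schema URN is from RFC 7643; the types, the "externalId required" rule and the sample payloads are assumptions made for the demo.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Illustrative hardening for a SCIM provisioning endpoint (not Grafana's code).

const scimUserSchema = "urn:ietf:params:scim:schemas:core:2.0:User" // RFC 7643

// SCIMUser is the subset of a SCIM 2.0 User resource relevant here.
type SCIMUser struct {
	Schemas    []string `json:"schemas"`
	UserName   string   `json:"userName"`
	ExternalID string   `json:"externalId"`
}

var ErrNumericExternalID = errors.New("externalId is an integer literal; refusing to provision")

// IsNumericExternalID reports whether s is an optional sign followed only by
// ASCII digits, i.e. the same shape as an internal user ID. "007" and " -1 "
// are treated as numeric on purpose: the shape, not the value, is the risk.
func IsNumericExternalID(s string) bool {
	s = strings.TrimSpace(s)
	if s != "" && (s[0] == '+' || s[0] == '-') {
		s = s[1:]
	}
	if s == "" {
		return false
	}
	for _, r := range s {
		if r < '0' || r > '9' {
			return false
		}
	}
	return true
}

// ParseSCIMUser decodes a SCIM User payload and applies the checks a
// provisioning endpoint should run before touching the user store.
// Requiring externalId is an assumption of this demo (SCIM makes it optional).
func ParseSCIMUser(body []byte) (*SCIMUser, error) {
	var u SCIMUser
	if err := json.Unmarshal(body, &u); err != nil {
		return nil, fmt.Errorf("invalid SCIM JSON: %w", err)
	}
	hasSchema := false
	for _, s := range u.Schemas {
		if s == scimUserSchema {
			hasSchema = true
		}
	}
	if !hasSchema {
		return nil, errors.New("missing SCIM core User schema")
	}
	if strings.TrimSpace(u.UserName) == "" {
		return nil, errors.New("userName is required")
	}
	if u.ExternalID == "" {
		return nil, errors.New("externalId is required")
	}
	if IsNumericExternalID(u.ExternalID) {
		return nil, ErrNumericExternalID
	}
	return &u, nil
}

// User is an internal account: ID is the database key, ExternalID the IdP's opaque handle.
type User struct {
	ID         int64
	Login      string
	ExternalID string
}

// Directory keeps the two identifier spaces in separate indexes so a SCIM
// externalId is never used as, or mistaken for, an internal ID.
type Directory struct {
	byID       map[int64]*User
	byExternal map[string]*User
}

func NewDirectory() *Directory {
	return &Directory{byID: map[int64]*User{}, byExternal: map[string]*User{}}
}

func (d *Directory) Add(u *User) {
	d.byID[u.ID] = u
	if u.ExternalID != "" {
		d.byExternal[u.ExternalID] = u
	}
}

// ResolveSCIM maps a validated SCIM user onto an existing account using only
// the externalId index; it never parses ExternalID as a number.
func (d *Directory) ResolveSCIM(u *SCIMUser) (*User, bool) {
	acct, ok := d.byExternal[u.ExternalID]
	return acct, ok
}

func main() {
	d := NewDirectory()
	d.Add(&User{ID: 1, Login: "admin"}) // local admin, never provisioned by the IdP
	d.Add(&User{ID: 2, Login: "alice", ExternalID: "idp-3f9a"})

	// Constructed sample payloads for the demo, not captured traffic.
	payloads := []string{
		`{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"alice","externalId":"idp-3f9a"}`,
		`{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"mallory","externalId":"1"}`,
	}
	for _, p := range payloads {
		u, err := ParseSCIMUser([]byte(p))
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		if acct, ok := d.ResolveSCIM(u); ok {
			fmt.Printf("%s -> existing internal id %d\n", u.UserName, acct.ID)
		} else {
			fmt.Printf("%s -> new account\n", u.UserName)
		}
	}
}
```

The two layers are deliberately independent: even if the shape check were bypassed, a payload carrying externalId "1" only hits the externalId index and cannot select the account whose internal ID is 1.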

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3)

Source     Package                      Introduced  Fixed
CVEListV5  grafana/grafana_enterprise   12.0.0      12.2.1
NVD        grafana/grafana              12.0.0      12.2.1
Go         github.com/grafana/grafana   12.0.0      12.0.7 (+4)

🔴 Vulnerability Details (4)

- OSV: Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana (2025-11-25)
- GHSA: Grafana Incorrect Privilege Assignment vulnerability (2025-11-21)
- OSV: Grafana Incorrect Privilege Assignment vulnerability (2025-11-21)
- CVEList: Incorrect privilege assignment (2025-11-21)

🔍 Detection Rules (1)

- Suricata: ET WEB_SPECIFIC_APPS Grafana SCIM User Provisioning Privilege Escalation (CVE-2025-41115) (2025-11-26)

📋 Vendor Advisories (1)

- Red Hat: grafana: Incorrect Privilege Assignment (2025-11-25)

🕵️ Threat Intelligence (1)

- BleepingComputer: Grafana warns of max severity admin spoofing vulnerability (2025-11-21)
CVE-2025-41115 — Incorrect Privilege Assignment | cvebase