Grafana Patches CVSS 10.0 SCIM Vulnerability: What You Need to Know

In this video, we explore a critical security vulnerability discovered in Grafana, a popular analytics and observability platform. The flaw, tracked as CVE-2025-41115, has been assigned a maximum severity score of 10.0 on the CVSS scale, indicating a severe threat to users and organizations that utilize Grafana for identity management and user provisioning.

What you’ll learn: We will break down the details of the vulnerability, including how it could allow for user impersonation and privilege escalation. We'll also discuss the timeline of events surrounding its discovery and the necessary steps for organizations to protect themselves against potential exploitation.

On November 21, 2025, Grafana announced the release of security updates to address this critical flaw in the System for Cross-domain Identity Management (SCIM) component. This vulnerability, first introduced in April 2025, allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which could lead to overriding internal user IDs. This means that under certain configurations, a newly provisioned user could be treated as an existing internal account, such as an Admin, posing significant risks for organizations.

The vulnerability affects Grafana Enterprise versions from 12.0.0 to 12.2.1, and it was discovered internally during an audit on November 4, 2025. Grafana has advised users to apply the patches immediately to mitigate potential risks associated with this vulnerability. The patched versions include Grafana Enterprise 12.0.6+security-01, 12.1.3+security-01, 12.2.1+security-01, and 12.3.0.

As organizations increasingly rely on automated user provisioning and management systems, understanding the implications of such vulnerabilities becomes crucial. Users are encouraged to ensure that their SCIM provisioning is configured correctly and to apply the latest security updates to safeguard their systems.

In conclusion, the discovery of this CVSS 10.0 vulnerability highlights the ongoing challenges in cybersecurity, particularly in identity management systems. Organizations must remain vigilant and proactive in their security measures to prevent exploitation of such critical flaws. Stay informed about the latest cybersecurity news and updates to protect your digital assets effectively.