Grafana Labs warns of a critical vulnerability, CVE-2025-41115, that could allow attackers to impersonate administrators through SCIM settings. Organizations using Grafana Enterprise or Cloud plans should review their configurations to prevent privilege escalation risks. #CVE-2025-41115 #GrafanaLabs #SCIM #SAML
Key points
- The CVE-2025-41115 vulnerability affects Grafana's Enterprise product when SCIM provisioning is enabled.
- A malicious SCIM client can create users with a purely numeric externalId that maps to an existing internal account, allowing impersonation of that account.
- Proper alignment between SCIM externalId and SAML identifiers is crucial to prevent unauthorized access.
- Grafana recommends testing SCIM configurations in non-production environments due to potential breaking changes.
- Security teams are advised to review identity mappings and configurations to mitigate this risk effectively.
Read More: https://thecyberexpress.com/grafana-scim-vulnerability-cve-2025-41115/