Grafana Labs has issued a security warning for a high-severity vulnerability (CVE-2025-41115) affecting its Enterprise platform, which could lead to privilege escalation or impersonation when SCIM provisioning is enabled. The issue is mitigated in cloud services but requires self-managed users to update their software or disable SCIM. #GrafanaLabs #CVE-2025-41115
Key points
- The vulnerability impacts Grafana Enterprise versions 12.0.0 to 12.2.1 when SCIM is enabled.
- Exploitation requires both the 'enableSCIM' and 'user_sync_enabled' options to be set to true.
- A malicious SCIM client could provision a user with a numeric externalId that maps to an internal account.
- The flaw was discovered during internal auditing, with patches released shortly after detection.
- Grafana recommends updating to patched versions or disabling SCIM to prevent potential exploits.
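As an added example (not part of Grafana's advisory or its code), the following Python check turns the key points above into an audit for a self-managed instance: it parses a grafana.ini-style configuration, tests whether both SCIM settings are on, checks the running version against the affected range, and flags SCIM user payloads whose externalId is purely numeric. The section names [feature_toggles] and [auth.scim] are assumed from Grafana's SCIM documentation, and the sample configurations are constructed.

```python
import configparser
import re

# Affected Grafana Enterprise range, as stated in the advisory summary above.
AFFECTED_MIN = (12, 0, 0)
AFFECTED_MAX = (12, 2, 1)


def parse_version(version):
    """Return (major, minor, patch) from a string such as '12.2.1' or '12.2.1-ubuntu'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {version!r}")
    return tuple(int(part) for part in m.groups())


def version_affected(version):
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def scim_sync_enabled(ini_text):
    """True only when both settings named in the advisory are on.
    Section names are an assumption taken from Grafana's SCIM docs."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    toggle = cp.getboolean("feature_toggles", "enableSCIM", fallback=False)
    sync = cp.getboolean("auth.scim", "user_sync_enabled", fallback=False)
    return toggle and sync


def numeric_external_id(scim_user):
    """Flag a SCIM user payload whose externalId is purely numeric, the pattern
    the advisory describes as mapping onto an internal account id."""
    return str(scim_user.get("externalId", "")).isdigit()


def assess(version, ini_text):
    """Combine version and configuration into one finding for an instance."""
    in_range = version_affected(version)
    scim_on = scim_sync_enabled(ini_text)
    exposed = in_range and scim_on
    return {
        "version_in_affected_range": in_range,
        "scim_user_sync_enabled": scim_on,
        "exposed": exposed,
        "remediation": "upgrade or disable SCIM" if exposed else "none for CVE-2025-41115",
    }


# Constructed sample configurations (not taken from any real deployment).
VULNERABLE_INI = "[feature_toggles]\nenableSCIM = true\n\n[auth.scim]\nuser_sync_enabled = true\n"
SAFE_INI = "[feature_toggles]\nenableSCIM = true\n\n[auth.scim]\nuser_sync_enabled = false\n"
```

Run `assess("12.2.1", VULNERABLE_INI)` to see an exposed finding; a 12.2.2 build or a config with user_sync_enabled off reports no exposure.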