Main Vulnerability Database Exploits ID:12182 - Exploit for Incorrect privilege assignment in Grafana Enterprise - CVE-2025-41115

ID:12182 - Exploit for Incorrect privilege assignment in Grafana Enterprise - CVE-2025-41115

Published: December 4, 2025

Vulnerability identifier: #VU118797

Vulnerability risk: Medium

CVE-ID: CVE-2025-41115

CWE-ID: CWE-266

Exploitation vector: Remote access

Vulnerable software:
Grafana Enterprise

Link to public exploit:

https://github.com/I3r1h0n/GrafanaSCIMalform

Vulnerability description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to an error in identity handling. A malicious or compromised SCIM client can provision a user with a numeric externalId, which allows to override internal user IDs and lead to impersonation or privilege escalation.

Successful exploitation of the vulnerability requires that the enableSCIM feature flag set to true and the "user_sync_enabled" config option in the [auth.scim] block set to "true".

Remediation

Install updates from vendor's website.

ID:12182 - Exploit for Incorrect privilege assignment in Grafana Enterprise - CVE-2025-41115

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human