Incorrect privilege assignment in Grafana Enterprise - CVE-2025-41115

 


Published: November 27, 2025 / Updated: December 4, 2025


Vulnerability identifier: #VU118797
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2025-41115
CWE-ID: CWE-266
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Grafana Labs
Affected software:
Grafana Enterprise

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to an error in identity handling in the SCIM user provisioning flow. A malicious or compromised SCIM client can provision a user with a numeric externalId; because that value can be mapped onto an internal Grafana user ID, it can override an existing account and lead to impersonation or privilege escalation. The attack path runs through the SCIM provisioning endpoint, so the attacker needs the credentials of a SCIM client (for example a compromised identity provider integration).

Successful exploitation requires that the enableSCIM feature flag be set to true and that the user_sync_enabled option in the [auth.scim] block be set to true. Deployments with either setting off do not meet the precondition for this issue.
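The following check is an added example, not code from Grafana Labs or from this advisory. It reads a grafana.ini text and reports whether both preconditions named above (the enableSCIM feature flag and user_sync_enabled in [auth.scim]) are active. It assumes Grafana's documented configuration conventions: feature toggles can be listed in the [feature_toggles] "enable" key or set as a per-toggle key, and any ini value can be overridden by an environment variable of the form GF_<SECTION>_<KEY>; the specific variable names used here (GF_FEATURE_TOGGLES_ENABLE, GF_FEATURE_TOGGLES_ENABLESCIM, GF_AUTH_SCIM_USER_SYNC_ENABLED) are derived from that convention and are assumptions, as are the sample configurations, which are constructed for the example.

```python
import configparser

# Constructed sample configurations (not taken from any real deployment).
VULNERABLE_INI = """
[server]
http_port = 3000

[feature_toggles]
enable = publicDashboards,enableSCIM

[auth.scim]
user_sync_enabled = true
"""

SAFE_INI = """
[feature_toggles]
enable = publicDashboards

[auth.scim]
user_sync_enabled = true
"""


def _truthy(value):
    return str(value).strip().lower() in ("true", "1", "yes", "on")


def _load(ini_text):
    # Grafana's ini uses ';' and '#' comments and no '%' interpolation, so
    # interpolation is switched off; strict=False tolerates duplicate keys.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    return cp


def scim_flag_enabled(cp, env):
    """enableSCIM is on if it appears in the comma-separated [feature_toggles]
    enable list or is set as the per-toggle key enableSCIM = true; the assumed
    GF_* environment variables take precedence over the file."""
    if "GF_FEATURE_TOGGLES_ENABLESCIM" in env:
        per_toggle = _truthy(env["GF_FEATURE_TOGGLES_ENABLESCIM"])
    else:
        per_toggle = _truthy(cp.get("feature_toggles", "enableSCIM", fallback="false"))
    enable_list = env.get("GF_FEATURE_TOGGLES_ENABLE")
    if enable_list is None:
        enable_list = cp.get("feature_toggles", "enable", fallback="")
    in_list = "enablescim" in {t.strip().lower() for t in enable_list.split(",")}
    return per_toggle or in_list


def user_sync_enabled(cp, env):
    """[auth.scim] user_sync_enabled, with the assumed env override applied."""
    value = env.get("GF_AUTH_SCIM_USER_SYNC_ENABLED")
    if value is None:
        value = cp.get("auth.scim", "user_sync_enabled", fallback="false")
    return _truthy(value)


def assess_cve_2025_41115(ini_text, env=None):
    """Report which preconditions hold; 'exposed' is True only when both do."""
    env = env or {}
    cp = _load(ini_text)
    flag = scim_flag_enabled(cp, env)
    sync = user_sync_enabled(cp, env)
    return {"enableSCIM": flag, "user_sync_enabled": sync, "exposed": flag and sync}


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_INI), ("safe", SAFE_INI)):
        print(name, assess_cve_2025_41115(text))
```

To run it against a live host, pass the contents of the instance's grafana.ini and os.environ from the Grafana process (the file alone can give a false negative when the toggles are set through the environment or a container entrypoint). A result of exposed = True on an unpatched Grafana Enterprise instance means the precondition described above is met.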


How to mitigate CVE-2025-41115

Install updates from the vendor's website. If patching cannot be done immediately, disabling SCIM user synchronisation (user_sync_enabled = false in the [auth.scim] block) or turning off the enableSCIM feature flag removes the precondition described above. Because the attack path runs through a SCIM client, also review and rotate SCIM client credentials if compromise is suspected.

Sources