Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

The Hacker News

November 21, 2025 at 3:40 PM

CVE Vulnerability Privilege Escalation Critical

Summary

Grafana has issued security updates to fix a critical vulnerability, CVE-2025-41115, with a CVSS score of 10.0. This flaw in the SCIM component can lead to privilege escalation and user impersonation under specific configurations.

Impact

Grafana

In the Wild

Unknown

Timeline

Newly disclosed

Remediation

Apply security updates provided by Grafana.

Read Original Article