Main Vulnerability Database Vulnerabilities #VU118797

#VU118797 Incorrect privilege assignment in Grafana Enterprise - CVE-2025-41115

Published: November 27, 2025 / Updated: December 4, 2025

Vulnerability identifier: #VU118797

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2025-41115

CWE-ID: CWE-266

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Grafana Enterprise

Software vendor:
Grafana Labs

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to an error in identity handling. A malicious or compromised SCIM client can provision a user with a numeric externalId, which allows to override internal user IDs and lead to impersonation or privilege escalation.

Successful exploitation of the vulnerability requires that the enableSCIM feature flag set to true and the "user_sync_enabled" config option in the [auth.scim] block set to "true".

Remediation

Install updates from vendor's website.

External links

https://grafana.com/security/security-advisories/cve-2025-41115/

#VU118797 Incorrect privilege assignment in Grafana Enterprise - CVE-2025-41115

Description

Remediation

External links

Please verify you're human