Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation


These articles are AI-generated summaries. Please check the original sources for full details.

Grafana has released security updates to resolve a critical vulnerability (CVE-2025-41115) with a CVSS score of 10.0, enabling user impersonation and privilege escalation in versions 12.x. The flaw stems from improper handling of SCIM external IDs.

Why This Matters

The vulnerability exposes a fundamental flaw in SCIM’s identity mapping: a numeric external ID could override an internal user ID, allowing an attacker to impersonate privileged users such as admins. While Grafana’s SCIM feature is designed for automated user management, this identity-mapping flaw creates a high-risk attack vector. The potential for unrestricted access highlights the gap between ideal secure design and real-world implementation errors.

Key Insights

  • CVE-2025-41115 carries a CVSS score of 10.0 (disclosed 2025).
  • The SCIM externalId is mapped to the internal user.uid, so a numeric externalId can override an internal user ID.
  • Grafana Enterprise 12.0.0–12.2.1 is affected; the issue is patched in 12.0.6+security-01 and later.
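To make the mapping flaw concrete, here is an added Go example (not Grafana's own code) that models a SCIM user lookup the vulnerable way, where a numeric externalId is used directly as the internal user ID, beside a hardened lookup that refuses numeric values and only matches an externalId stored at provisioning time. The User and Directory types, the sample users and the externalId values are constructed assumptions for illustration.

```go
package main

import ("fmt"; "strconv")

// User is a constructed stand-in for an internal account record (not Grafana's own type).
type User struct {
	ID         int64  // internal numeric identity key
	IsAdmin    bool
	ExternalID string // SCIM externalId stored at provisioning time, if any
}
type SCIMUser struct{ UserName, ExternalID string } // fields of a provisioning request used here
type Directory struct{ users map[int64]*User }      // internal users keyed by numeric ID

// ResolveVulnerable models the flaw: a numeric externalId is used directly as the internal user ID.
func (d *Directory) ResolveVulnerable(s SCIMUser) (*User, error) {
	id, err := strconv.ParseInt(s.ExternalID, 10, 64)
	if u, ok := d.users[id]; err == nil && ok {
		return u, nil
	}
	return nil, fmt.Errorf("no user for externalId %q", s.ExternalID)
}

// ResolveHardened never derives the internal ID from externalId: purely numeric values
// are refused, and a match requires equality with an externalId stored at provisioning.
func (d *Directory) ResolveHardened(s SCIMUser) (*User, error) {
	if _, err := strconv.ParseInt(s.ExternalID, 10, 64); err == nil {
		return nil, fmt.Errorf("externalId %q is purely numeric: refused", s.ExternalID)
	}
	for _, u := range d.users {
		if u.ExternalID != "" && u.ExternalID == s.ExternalID {
			return u, nil
		}
	}
	return nil, fmt.Errorf("externalId %q not provisioned", s.ExternalID)
}

// SampleDirectory is the constructed scenario: an admin (ID 1, no SCIM binding) and a SCIM user (ID 2).
func SampleDirectory() *Directory {
	return &Directory{users: map[int64]*User{
		1: {ID: 1, IsAdmin: true},
		2: {ID: 2, ExternalID: "idp-7f3a"},
	}}
}

func main() {
	d, req := SampleDirectory(), SCIMUser{UserName: "alice", ExternalID: "1"}
	u, _ := d.ResolveVulnerable(req)
	fmt.Printf("vulnerable -> user %d (admin=%v)\n", u.ID, u.IsAdmin)
	fmt.Println(d.ResolveHardened(req)) // nil user plus the refusal error
}
```

The same request, an externalId equal to an existing internal ID, resolves to the admin record under the vulnerable mapping and is refused under the hardened one.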

Practical Applications

  • Use case: Grafana Enterprise deployments with SCIM provisioning, where misconfigured settings lead to risk.
  • Pitfall: leaving enableSCIM and user_sync_enabled set to true without applying the patches.
