CVE-2025-41115
Grafana warns of max severity admin spoofing vulnerability
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to have new users treated as administrators or to escalate privileges. The issue is only exploitable when SCIM (System for Cross-domain Identity Management) provisioning is enabled and configured. Specifically, both the ‘enableSCIM’ feature flag and the ‘user_sync_enabled’ option must be […]
