CVE-2025-41115 - CVE-2025-41115

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available

EPSS Score: 0.02% chance of exploitation (percentile: 6%)

🔍 Detection Tools: None available in major open-source tools

⚔️ Exploit Availability: GitHub PoC

What is it?

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management.

In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs and lead to impersonation or privil

Am I affected?

You're affected if you use SCIM provisioning was. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

No public patch link found in the advisory. Contact the vendor directly for remediation guidance. As immediate mitigation: restrict network access to affected systems if possible.

References

grafana.com