Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.
The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html