SCIM Vulnerability

Vulnerabilities found in the System for Cross-domain Identity Management (SCIM) component.

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Nov 23, 2025

—

by

Elles De Yeager

in Cyber News & Updates

Grafana has issued urgent security updates for a critical vulnerability in its SCIM provisioning feature, carrying a maximum CVSS score of 10.0. This flaw (CVE-2025-41115) could allow attackers to escalate privileges or impersonate users, especially in Grafana versions 12.x where SCIM provisioning is active, leading to a newly provisioned user being treated as an existing…